Solved

Fail2ban: disable email notifications

Posted on 2014-03-08
Last Modified: 2014-06-09
Hi All,

I recently set up fail2ban on my CentOS 6.5 VPS, which is running as expected.

I don't want an email every time a spammer is blocked.

How do I disable email notifications?


Many thanks
0
Question by:detox1978
12 Comments
 
LVL 7

Expert Comment

by:unSpawn
ID: 39915702
In /etc/fail2ban/jail.conf locate the jail by its name in brackets, then from the "action =" lines remove the "sendmail.*dest=you@mail.com]" part. Then re-initialize the configuration change by running 'fail2ban-client reload [name-of-jail]' and check with 'fail2ban-client get [name-of-jail] actionstart'.
0
 
LVL 2

Author Comment

by:detox1978
ID: 39915712
That didn't work.

I commented out my email address and reloaded fail2ban, but it's still sending me email.

fail2ban-client -d


returns
['set', 'postfix', 'setcinfo', 'sendmail', 'dest', 'myemail@gmail.com']


0
 
LVL 7

Expert Comment

by:unSpawn
ID: 39916834
From your output it seems enabled but you didn't post what you did nor your jail.conf contents, so rinse & repeat in the jail.conf Postfix section. Then check with 'grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail' and if OK reload the affected services.
0
 
LVL 2

Author Comment

by:detox1978
ID: 39934694
Sorry for the delay

[root@www ~]# grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail
69:           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
79:           sendmail-whois[name=ProFTPD, dest=you@example.com]
91:           sendmail-whois[name=sasl, dest=you@example.com]
102:              sendmail-whois[name=SSH, dest=you@example.com]
139:action   = sendmail-whois[name=VSFTPD, dest=you@example.com]
151:           sendmail-whois[name=VSFTPD, dest=you@example.com]
164:           sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
176:           sendmail[name=Postfix, dest=you@example.com]
229:           sendmail-whois[name="SSH,IPFW", dest=you@example.com]
274:           sendmail-whois[name=Named, dest=you@example.com]
285:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
294:           sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
309:           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]



I'm still getting emails.... :-(
0
 
LVL 2

Author Comment

by:detox1978
ID: 39934723
Bizarrely, when I reload fail2ban it says the jail already exists?

[root@www ~]# fail2ban-client -i
Fail2Ban v0.8.7 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

fail2ban> reload
WARNING 'action' not defined in 'php-url-fopen'. Using default value
WARNING 'action' not defined in 'lighttpd-auth'. Using default value
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
The jail 'postfix' already exists
fail2ban>


0
 
LVL 2

Author Comment

by:detox1978
ID: 39934742
Ok, I managed to reload the jail (I was using the wrong command).  When I check the status I get the following

[root@www ~]# fail2ban-client status postfix
Status for the jail: postfix
|- filter
|  |- File list:        /var/log/maillog
|  |- Currently failed: 206
|  `- Total failed:     219
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0


0
 
LVL 2

Author Comment

by:detox1978
ID: 39935599
I'm still getting lots of email notifications.  So not sure what else to try.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40017062
This is still a big issue for me.  Any ideas?  This should be pretty simple.
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 250 total points
ID: 40020402
I would create an email alias that gets forwarded to /dev/null in your email server configuration and use that email address in your notify section of the configuration.
0
 
LVL 28

Assisted Solution

by:serialband
serialband earned 250 total points
ID: 40020619
In jail.conf change

action = %(action_mw)s
   to
action = %(action_)s

There are several actions defined in jail.conf.  action_mw sends mail.  action_ does not.

or

Find and change
destemail = your_email@domain.com
0
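
Added example, not part of any post in this thread and not fail2ban's own code: a small Python check that merges jail.conf with a jail.local override and lists the mail-sending actions that remain in effect for enabled jails, which covers both the per-jail sendmail lines and the action_mw default discussed above. It assumes fail2ban reads jail.conf first and jail.local second with later values winning, treats only action names starting with sendmail or mail as mail actions, and uses constructed file contents and addresses (admin@example.org is a placeholder).

```python
import configparser
import re
# Constructed samples (not from the thread): stock-style jail.conf, two jail.local variants.
JAIL_CONF = """
[DEFAULT]
destemail = root@localhost
action_ = iptables-multiport[name=%(__name__)s]
action_mw = %(action_)s
            sendmail-whois[name=%(__name__)s, dest=%(destemail)s]
action = %(action_mw)s
[postfix]
enabled = false
action = iptables[name=Postfix, port=smtp, protocol=tcp]
         sendmail[name=Postfix, dest=you@example.com]
[vsftpd]
enabled = true
"""
LOCAL_NOISY = """
[postfix]
enabled = true
action = iptables[name=Postfix, port=smtp, protocol=tcp]
         sendmail[name=Postfix, dest=admin@example.org]
"""
LOCAL_QUIET = """
[DEFAULT]
action = %(action_)s
[postfix]
enabled = true
action = iptables[name=Postfix, port=smtp, protocol=tcp]
"""

def resolve(opts, value, depth=0):
    """Expand %(key)s references; unknown keys are left as written."""
    def sub(m):
        ref = opts.get(m.group(1))
        return m.group(0) if ref is None or depth > 10 else resolve(opts, ref, depth + 1)
    return re.sub(r"%\((\w+)\)s", sub, value)

def mail_actions(*texts):
    """Mail-sending actions per enabled jail; later texts override earlier ones."""
    cp = configparser.ConfigParser(interpolation=None)
    for text in texts:
        cp.read_string(text)
    found = {}
    for jail in cp.sections():
        opts = dict(cp.items(jail), __name__=jail)  # section values plus [DEFAULT]
        if opts.get("enabled", "false").lower() == "true":
            lines = resolve(opts, opts.get("action", "")).splitlines()
            found[jail] = [a for a in lines if re.match(r"(send)?mail\b", a)]
    return {jail: acts for jail, acts in found.items() if acts}
```

Running `mail_actions` on the real file contents shows whether an address or mail action set in jail.local is still in effect after jail.conf has been edited, since a grep of jail.conf alone does not show overrides.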
 
LVL 2

Author Closing Comment

by:detox1978
ID: 40121616
Sorry for the delay.  I created a rule in my gmail account to bin them, so this is no longer needed.

Many thanks
0
