detox1978
asked on
Fail2ban: disable email notifications
Hi All,
I recently setup fail2ban on my CentOS 6.5 VPS, which running as expected.
I dont want an email everytime a spammer is blocked.
How do I disable email notifications?
many thanks
I recently setup fail2ban on my CentOS 6.5 VPS, which running as expected.
I dont want an email everytime a spammer is blocked.
How do I disable email notifications?
many thanks
In /etc/fail2ban/jail.conf locate the jail by its name in brackets, then from the "action =" lines remove the "sendmail.*dest=you@mail.c om]" part. The re-initialize the configuration change by running 'fail2ban-client reload [name-of-jail]' and check with 'fail2ban-client get [name-of-jail] actionstart'.
ASKER
That didnt work.
I commented out my email address and reloaded fail2ban, but it's still sending me email
I commented out my email address and reloaded fail2ban, but it's still sending me email
fail2ban-client -d
returns ['set', 'postfix', 'setcinfo', 'sendmail', 'dest', 'myemail@gmail.com']
From your output it seems enabled but you didn't post what you did nor your jail.conf contents, so rinse & repeat in the jail.conf Postfix section. Then check with 'grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail' and if OK reload the affected services.
ASKER
Sorry for the delay
I'm still getting emails.... :-(
[root@www ~]# grep -v -n ^# /etc/fail2ban/jail.conf | grep sendmail
69: sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
79: sendmail-whois[name=ProFTPD, dest=you@example.com]
91: sendmail-whois[name=sasl, dest=you@example.com]
102: sendmail-whois[name=SSH, dest=you@example.com]
139:action = sendmail-whois[name=VSFTPD, dest=you@example.com]
151: sendmail-whois[name=VSFTPD, dest=you@example.com]
164: sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
176: sendmail[name=Postfix, dest=you@example.com]
229: sendmail-whois[name="SSH,IPFW", dest=you@example.com]
274: sendmail-whois[name=Named, dest=you@example.com]
285: sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
294: sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com]
309: sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
I'm still getting emails.... :-(
ASKER
Bizzarly when I reload fail2ban it says the jail already exists?
[root@www ~]# fail2ban-client -i
Fail2Ban v0.8.7 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.
fail2ban> reload
WARNING 'action' not defined in 'php-url-fopen'. Using default value
WARNING 'action' not defined in 'lighttpd-auth'. Using default value
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
The jail 'postfix' already exists
fail2ban>
ASKER
Ok, I managed to reload the jail (I was using the wrong command). When I check the status I get the following
[root@www ~]# fail2ban-client status postfix
Status for the jail: postfix
|- filter
| |- File list: /var/log/maillog
| |- Currently failed: 206
| `- Total failed: 219
`- action
|- Currently banned: 0
| `- IP list:
`- Total banned: 0
ASKER
I'm still getting lots of email notifications. So not sure what else to try.
ASKER
This is still a big issue for me. Any ideas. This should be pretty simple.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the delay. I created a rule in my gmail account to bin them, so this is no longer needed.
Many thanks
Many thanks