2

I am trying to test the sending of emails with fail2ban. Apparently mta = mail should do the trick, and I also tried the mail action, but I am not sure how to test if it is working. From what I read, action_mwl sends email on start and stop, but it is not doing so. Could you please let me know how to test? Thanks

[default]
bantime  = 600
findtime = 300
banaction = ufw
banaction_allports = iptables-allports
destemail = XXXXXX@gmail.com
sendername = Fail2ban
mta = mail
action = %(action_mwl)s
         mail[name=ssh, dest=XXXXXX@gmail.com]


[sshd]
enabled = true
port = XXXXXX
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

[postfix-sasl]
enabled  = true
findtime  = 10800
bantime = 7200
port     = smtp,465,587 submission,imap2,imap3,imaps,pop3,pop3s
filter   = postfix[mode=auth]
logpath  = /var/log/fail2ban-postfix.log
backend  = %(postfix_backend)s
maxretry = 2
Bradox

1 Answer

0

This works - Feb 2022

A previous answer of mine was deleted, something I find to be a mistake to do.

The answer gives a GOOD answer to the question and is a unique solution that won't be found on the web.

This solution regarding Fail2Ban is also a solution for ModSecurity Email alert notification, where for ModSecurity blocking a Fail2Ban filter-jail is configured, and then an email for such filter-jail enables the Fail2Ban alert notification for a ModSecurity event.

I have conducted a lot of tests to find the solution, which answers several asked questions.

The solution is to add a second action line with the content:

sendmail[mailcmd='/usr/sbin/sendmail -f "<sender>" "<dest>"', dest="email@recipient.com", sender="fail2ban", sendername="Fail2Ban", name="jail_name"]
Ziegel
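Added example, not part of the question or the answer above: a pre-flight check that shows which action lines a jail would pick up from a single jail file before waiting for a ban to trigger mail. It assumes fail2ban's config reader behaves like Python's configparser (on which it is built), where only a section spelled `[DEFAULT]` is inherited by jails; both sample files are constructed from the thread with a placeholder address, and the real daemon additionally merges jail.conf and jail.d.

```python
import configparser

# Constructed sample: the question's jail file reduced to the relevant keys,
# with a placeholder address.
QUESTION_STYLE = """\
[default]
mta = mail
action = %(action_mwl)s
         mail[name=ssh, dest=admin@example.com]

[sshd]
enabled = true
filter = sshd
"""

# Constructed sample: same file with the section spelled [DEFAULT] and the
# answer's sendmail line as the second action (placeholder recipient).
CORRECTED = """\
[DEFAULT]
mta = mail
action = %(action_mwl)s
         sendmail[mailcmd='/usr/sbin/sendmail -f "<sender>" "<dest>"', dest="admin@example.com", sender="fail2ban", sendername="Fail2Ban", name="sshd"]

[sshd]
enabled = true
filter = sshd
"""

def _parse(text):
    # interpolation=None keeps %(action_mwl)s literal; it is defined in jail.conf.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def jail_actions(text, jail):
    """Raw action lines the jail inherits or defines in this one file."""
    value = _parse(text).get(jail, "action", fallback="")
    return [line.strip() for line in value.splitlines() if line.strip()]

def misnamed_default_sections(text):
    """Sections that look like the defaults block but are not spelled DEFAULT."""
    # sections() never lists the real DEFAULT section, so any hit is a misspelling.
    return [s for s in _parse(text).sections() if s.lower() == "default"]

if __name__ == "__main__":
    for label, text in (("question-style", QUESTION_STYLE), ("corrected", CORRECTED)):
        print(label, misnamed_default_sections(text), jail_actions(text, "sshd"))
```

On a live host, `fail2ban-client -d` dumps the configuration the daemon actually parsed, which covers the merged files this single-file check does not see.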