My fail2ban and my s-nail seem to be working separately, but not together. The following command sends emails successfully:
echo 'Message body' | mail --subject='A subject' mydestaddress@gmail.com
I have configured fail2ban for sshd and tested it (iptables works). My jail.local differs from jail.conf on these lines:
# for testing purposes
bantime = 1m
findtime = 10m
maxretry = 3
destemail = mydestaddress@gmail.com
sender = myaddress@gmail.com
mta = mail
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
enabled = true
port = ssh # not changed
logpath = %(sshd_log)s # not changed
backend = %(sshd_backend)s # not changed
If I change action = %(action_)s to action = %(action_mw)s in the [default] section of jail.local, my systemd unit will fail on restart.
Also, per this bug report I also tried to modify mail.conf, mail-whois.conf and mail-buffered.conf in action.d/ to make mail -E 'set escape' into mailx. But it did not help, the service will crash with or without this modification in the action.d files.
My /var/log/fail2ban.log is not informative, my service status however:
$ sudo systemctl -l status fail2ban
× fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2021-10-30 14:27:03 CEST; 2min 3s ago
Docs: man:fail2ban(1)
Process: 33602 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Process: 33603 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
Main PID: 33603 (code=exited, status=255/EXCEPTION)
CPU: 389ms
Oct 30 14:27:03 systemd[1]: Starting Fail2Ban Service...
Oct 30 14:27:03 systemd[1]: Started Fail2Ban Service.
Oct 30 14:27:03 fail2ban-server[33603]: 2021-10-30 14:27:03,877 fail2ban.configreader [33603]: ERROR Found no accessible config files for 'action.d/#sendmail-whois' under /etc/fail2ban
Oct 30 14:27:03 fail2ban-server[33603]: 2021-10-30 14:27:03,877 fail2ban.jailreader [33603]: ERROR Unable to read action '#sendmail-whois'
Oct 30 14:27:03 fail2ban-server[33603]: 2021-10-30 14:27:03,877 fail2ban.jailsreader [33603]: ERROR Errors in jail 'sshd'. Skipping...
Oct 30 14:27:03 fail2ban-server[33603]: 2021-10-30 14:27:03,896 fail2ban [33603]: ERROR Async configuration of server failed
Oct 30 14:27:03 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Oct 30 14:27:03 systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Figured it out. The key part is this, in the comment in the mail config files:
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
Emphasis on this line: command is executed with Fail2Ban user rights. All this time I tried sending mail with my own user instead of root.
Switching to root (sudo su) and trying the same mail sending command, I quickly realized that I was missing /etc/msmtprc, as well as ~/.mailrc, ~/.netrc (for root user).
Adding these quickly solved the mail sending issue.
Will mark as solved once it is possible.
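
A preflight check for the situation described in the answer above, as an added example that is not part of the original post: it verifies that the account fail2ban runs as has the three mail configuration files the answer names. The function name check_mail_env and the world-access check are assumptions added here (the files may hold SMTP credentials); the post itself only mentions that the files were missing.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_mail_env ETC_DIR HOME_DIR
#   ETC_DIR  - directory expected to contain msmtprc (normally /etc)
#   HOME_DIR - home of the account fail2ban runs as (root's home in the post)
# Prints one line per problem. Returns 0 when nothing was found, 1 otherwise.
check_mail_env() {
    etc_dir=$1
    home_dir=$2
    problems=0
    for f in "$etc_dir/msmtprc" "$home_dir/.mailrc" "$home_dir/.netrc"; do
        # The answer's finding: these files were absent for root, so the
        # mail command worked for the login user but not for fail2ban.
        if [ ! -r "$f" ]; then
            echo "MISSING  $f"
            problems=$((problems + 1))
            continue
        fi
        # Added hardening check (assumption: the file may hold SMTP
        # credentials): characters 8-10 of the ls mode string are the
        # permission bits for "other" and should all be '-'.
        other_bits=$(ls -ld -- "$f" | cut -c8-10)
        if [ "$other_bits" != "---" ]; then
            echo "EXPOSED  $f"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# When called with two arguments, run the check directly,
# e.g. as root:  sh check_mail_env.sh /etc /root
if [ "$#" -eq 2 ]; then
    check_mail_env "$1" "$2"
fi
```

Run it as the same user the fail2ban service uses, since a check made from a regular login account reproduces the mistake the answer describes.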