smtp fail2ban

fail2ban not sending emails


My fail2ban and my s-nail seem to be working separately, but not together. The following command sends emails successfully:

    echo 'Message body' | mail --subject='A subject' mydestaddress@gmail.com

I have configured fail2ban for sshd and tested it (iptables works). My jail.local differs from jail.conf on these lines:

    # for testing purposes
    bantime  = 1m
    findtime  = 10m
    maxretry = 3

    destemail = mydestaddress@gmail.com
    sender = myaddress@gmail.com

    mta = mail

    [sshd]

    # To use more aggressive sshd modes set filter parameter "mode" in jail.local:
    # normal (default), ddos, extra or aggressive (combines all).
    # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
    #mode   = normal
    enabled = true
    port    = ssh # not changed
    logpath = %(sshd_log)s # not changed
    backend = %(sshd_backend)s # not changed

If I change action = %(action_)s to action = %(action_mw)s in the [default] section of jail.local, my systemd unit will fail on restart.

Also, per this bug report, I tried to modify mail.conf, mail-whois.conf and mail-buffered.conf in action.d/ to make

    mail -E 'set escape'

into

    mailx

But it did not help; the service will crash with or without this modification in the action.d files.

My /var/log/fail2ban.log is not informative; my service status, however:

    $ sudo systemctl -l status fail2ban

    × fail2ban.service - Fail2Ban Service
         Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
         Active: failed (Result: exit-code) since Sat 2021-10-30 14:27:03 CEST; 2min 3s ago
           Docs: man:fail2ban(1)
        Process: 33602 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
        Process: 33603 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
       Main PID: 33603 (code=exited, status=255/EXCEPTION)
            CPU: 389ms

    Oct 30 14:27:03 systemd[1]: Starting Fail2Ban Service...
    Oct 30 14:27:03 systemd[1]: Started Fail2Ban Service.
    Oct 30 14:27:03 fail2ban-server[33603]: 2021-10-30 14:27:03,877 fail2ban.configreader   [33603]: ERROR   Found no accessible config files for 'action.d/#sendmail-whois' under /etc/fail2ban
    Oct 30 14:27:03 fail2ban-server[33603]: 2021-10-30 14:27:03,877 fail2ban.jailreader     [33603]: ERROR   Unable to read action '#sendmail-whois'
    Oct 30 14:27:03 fail2ban-server[33603]: 2021-10-30 14:27:03,877 fail2ban.jailsreader    [33603]: ERROR   Errors in jail 'sshd'. Skipping...
    Oct 30 14:27:03 fail2ban-server[33603]: 2021-10-30 14:27:03,896 fail2ban                [33603]: ERROR   Async configuration of server failed
    Oct 30 14:27:03 systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
    Oct 30 14:27:03 systemd[1]: fail2ban.service: Failed with result 'exit-code'.

Solution

  • Figured it out. The key part is this, in the comment in the mail config files:

    # Option:  actionban
    # Notes.:  command executed when banning an IP. Take care that the
    #          command is executed with Fail2Ban user rights.
    # Tags:    See jail.conf(5) man page
    # Values:  CMD
    

    Emphasis on this line: command is executed with Fail2Ban user rights. All this time I tried sending mail with my own user instead of root.

    Switching to root (sudo su) and trying the same mail sending command, I quickly realized that I was missing /etc/msmtprc, as well as ~/.mailrc, ~/.netrc (for root user).

    Adding these quickly solved the mail sending issue.

    Will mark as solved once it is possible.
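
Added example, not part of the original posts and not fail2ban's own code: a check for the config-load failure in the question's journal output, where the action name is read as `#sendmail-whois`. fail2ban's stock jail.conf header documents `#` for whole-line comments and `;` (after a space) for inline ones, so a `#` placed after a value stays in the value; the sample jail.local and the function names below are constructed for illustration.

```python
import re

# Journal lines copied from the systemctl output in the question.
JOURNAL = """\
2021-10-30 14:27:03,877 fail2ban.configreader   [33603]: ERROR   Found no accessible config files for 'action.d/#sendmail-whois' under /etc/fail2ban
2021-10-30 14:27:03,877 fail2ban.jailreader     [33603]: ERROR   Unable to read action '#sendmail-whois'
"""

# Constructed jail.local (an assumption, not the asker's file). With the stock
# "%(mta)s-whois" action line, "mta = mail #sendmail" would expand to
# "mail #sendmail-whois" because the "#..." text stays in the value.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
# whole-line comment: ignored
bantime = 1m ; inline comment after " ;": stripped
mta = mail #sendmail
action = %(action_mw)s

[sshd]
enabled = true
port = ssh # not changed
"""

def unreadable_actions(journal):
    """Return the action names fail2ban reported it could not load."""
    return re.findall(r"Unable to read action '([^']+)'", journal)

def hash_inline_comments(text):
    """Return (line_no, option, value) for values that still contain ' #...'."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s[0] in "#;[" or "=" not in s:
            continue  # blank line, whole-line comment, section header
        option, value = (part.strip() for part in s.split("=", 1))
        value = re.split(r"\s;", value, maxsplit=1)[0].rstrip()  # drop " ;" comment
        if re.search(r"(?:^|\s)#", value):
            hits.append((no, option, value))
    return hits

if __name__ == "__main__":
    for name in unreadable_actions(JOURNAL):
        if name.startswith("#"):
            print(f"action name {name!r} begins with '#': look for an inline comment")
    for no, option, value in hash_inline_comments(SAMPLE_JAIL_LOCAL):
        print(f"line {no}: {option} = {value!r}  (use ' ;' or a separate comment line)")
```

To run the same check on a live system, pass the contents of /etc/fail2ban/jail.local to `hash_inline_comments` before restarting the service.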