Hi, I did not get any error message after setting up exim4 (but before that I did not get any mail at all anyway). So at the (first,) second and further failed logins there are no errors. But I only get the warning mail at the first failed login. Here is my configuration file (jail.local) attached.
Thanks!

On Sun, Jan 17, 2016 at 1:45 PM, kuncho pencho <[email protected]> wrote:

> Hi,
>
> Could you paste your jail.conf and jail.d/sshd.conf? Is there an error in
> fail2ban.log?
>
> >-------- Original message --------
> >From: "YouGenom ." [email protected]
> >Subject: [Fail2ban-users] Fail2Ban sends mails only once
> >To: [email protected]
> >Sent on: 17.01.2016 13:39
>
> Hi,
>
> I have been trying to set up fail2ban. I have only edited the SSH jail
> to warn me in case of failed login. Other jails/actions/filters are at
> default. Then I tried a failed login from another machine (6 times with
> wrong password). I got the mail with whois info. So this is what I was
> expecting. Then I waited for the ban to expire (10 mins) and retried
> the failed login. I did not get any mail this time. In the logs, it was
> mentioned that a ban was issued for the client IP address. Interestingly,
> by using another IP address (through VPN) I could again get an e-mail
> warning the first time but not the second time. It seems to me fail2ban
> sends an e-mail warning only once per IP address. Moreover, I changed log
> level to 4 (DEBUG) and ran fail2ban-client reload. Then I tried a failed
> login with the old (once banned) IP address. It did not send any mail but I
> found this in the logs:
>
> 2016-01-17 12:32:08,961 fail2ban.actions.action[21573]: DEBUG printf %b
> "Subject: [Fail2Ban] ssh: banned 192.168.0.11 from `uname -n`
> Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
> From: Fail2Ban <fail2ban>
> To: [email protected]\n
> Hi,\n
> The IP 192.168.0.11 has just been banned by Fail2Ban after
> 6 attempts against ssh.\n\n
> Here is more information about 192.168.0.11:\n
> `/usr/bin/whois 192.168.0.11 || echo missing whois program`\n
> Regards,\n
> Fail2Ban" | /usr/sbin/sendmail -f fail2ban [email protected]
> 2016-01-17 12:32:09,491 fail2ban.actions.action[21573]: DEBUG printf %b
> "Subject: [Fail2Ban] ssh: banned 192.168.0.11 from `uname -n`
> Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
> From: Fail2Ban <fail2ban>
> To: [email protected]\n
> Hi,\n
> The IP 192.168.0.11 has just been banned by Fail2Ban after
> 6 attempts against ssh.\n\n
> Here is more information about 192.168.0.11:\n
> `/usr/bin/whois 192.168.0.11 || echo missing whois program`\n
> Regards,\n
> Fail2Ban" | /usr/sbin/sendmail -f fail2ban [email protected] returned
> successfully
>
> I am not sure if the issue is because of my GMail account blocking the
> mails or if it is a feature in Fail2Ban to prevent an e-mail flood.
>
> Best wishes!
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
jail.local
Description: Binary data
