-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
The debug logging from fail2ban shows that the message is sent
successfully to the sendmail program.
Can you find logging from your mail server (postfix, sendmail) that
confirms that the message sent on to gmail?
Regards,
Tom
On 23-01-16 18:28, Saren Tasciyan wrote:
> Hi,
>
> I think it is not the problem. One can define jails either in
> separate files or single file. I was wondering, why I only get
> e-mail once but not on repeated failed attempts...
>
> Cheers
>
> On 18.01.2016 08:07, kuncho pencho wrote:
>> HI,
>>
>> I'm sorry, but my english is worst. I mean "my config". :)
>>
>> I think, you should have sshd.conf in jail.d/. In my jail.local
>> all rules are set to "false" and i have 3 files in jail.d/ ,
>> sshd.conf, exim.conf, dovecot.conf and there i set "true". I'll
>> paste my sshd.conf:
>>
>> [ssh] enabled = true filter = sshd action = iptables[name=SSH,
>> port=ssh, protocol=tcp] sendmail-whois[name=SSH,
>> [email protected], [email protected],
>> sendername="Fail2Ban"] logpath = /var/log/sshd/current maxretry =
>> 5 bantime = 2592000 findtime = 144000
>>
>> Cheers
>>
>>
>>
>>
>>
>>
>>> -------- ?????????? ????? -------- ??: "YouGenom ."
>>> [email protected] ???????: Re: [Fail2ban-users] Fail2Ban
>>> sends mails only once ??: kuncho pencho <[email protected]>
>>> ????????? ??: 18.01.2016 02:50
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Hi,
>>
>>
>> Sorry about that. There is actually "]" at the end. I have
>> somehow mistakenly deleted it. Actual file has it.
>>
>> jail.d directory is completely empty.
>>
>> What do you mean with "Main config"? Is the suggested/correct way
>> of using sendmail-whois this: sendmail-whois[name=SSH, dest=
>> [email protected], sender= [email protected],
>> sendername="Fail2Ban"] ?
>>
>>
>> Thanks a lot for the assistance!
>>
>>
>>
>>
>>
>>
>>
>> On Sun, Jan 17, 2016 at 5:49 PM, kuncho pencho <[email protected]>
>> wrote:
>>
>>
>>
>> Hi,
>>
>> Could you try to set sender in ssh section in jail.conf?
>>
>> Yours config is "sendmail-whois[name=ssh, dest= [email protected]"
>> , here is missing "]" simbol and sender.
>>
>> Main config is with this line:
>>
>> sendmail-whois[name=SSH, dest= [email protected], sender=
>> [email protected], sendername="Fail2Ban"]
>>
>> Do you have sshd.conf in jail.d ?
>>> -------- ?????????? ????? -------- >??: "YouGenom ."
>> [email protected] >???????: Re: [Fail2ban-users] Fail2Ban
>> sends mails only once
>>> ??: kuncho pencho <
>> [email protected]>
>>> ????????? ??: 17.01.2016 16:50
>>
>>
>>
>>
>>
>>
>>
>> Hi,
>>
>>
>> I did not get any error message after setting up exim4 (but
>> before that I did not get any mail at all anyway). So at the
>> (first,) second and further failed logins there are no errors.
>> But I only get the warning mail at the first failed login. Here
>> is my configuration file (jail.local) attached.
>>
>>
>> Thanks!
>>
>>
>>
>>
>>
>> On Sun, Jan 17, 2016 at 1:45 PM, kuncho pencho <[email protected]>
>> wrote:
>>
>>
>>
>> Hi,
>>
>> Could you paste your jail.conf and jail.d/sshd.conf? Is there an
>> error in fail2ban.log?
>>
>>
>>
>>> -------- ?????????? ????? -------- ??: "YouGenom ."
>> [email protected]
>>> ???????: [Fail2ban-users] Fail2Ban sends mails only once ??:
>> [email protected]
>>> ????????? ??: 17.01.2016 13:39
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Hi,
>>
>>
>> I have been trying to set up fail2ban. I have only edited for the
>> SSH jail to warn me in case of failed login. Other
>> jails/actions/filters are at default. Then I tried from another
>> machine a failed login (6 times with wrong password). I have got
>> the mail with whois info. So this is what I was expecting. Then I
>> have waited for the ban to expire (10 mins) and retried to failed
>> login. I did not get any mail this time. In logs, it was
>> mentioned, that a ban was issued for the client IP address.
>> Interestingly, by using another IP address (through VPN) I could
>> get again an e-mail warning for the first time but not second
>> time. It seems to me fail2ban sends e-mail warning only once per
>> IP-address. Moreover, I changed log level to 4 (DEBUG) and ran
>> fail2ban-client reload. Then I tried a failed login with the old
>> (once banned) IP address. It did not send any mail but I found
>> this in the logs:
>>
>> 2016-01-17 12:32:08,961 fail2ban.actions.action[21573]: DEBUG
>> printf %b "Subject: [Fail2Ban] ssh: banned 192.168.0.11 from
>> `uname -n` Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
>> From: Fail2Ban <fail2ban> To: [email protected]\n Hi,\n The IP
>> 192.168.0.11 has just been banned by Fail2Ban after 6 attempts
>> against ssh.\n\n Here is more information about 192.168.0.11:\n
>> `/usr/bin/whois 192.168.0.11 || echo missing whois program`\n
>> Regards,\n Fail2Ban" | /usr/sbin/sendmail -f fail2ban
>> [email protected] 2016-01-17 12:32:09,491
>> fail2ban.actions.action[21573]: DEBUG printf %b "Subject:
>> [Fail2Ban] ssh: banned 192.168.0.11 from `uname -n` Date:
>> `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"` From: Fail2Ban
>> <fail2ban> To: [email protected]\n Hi,\n The IP 192.168.0.11 has
>> just been banned by Fail2Ban after 6 attempts against ssh.\n\n
>> Here is more information about 192.168.0.11:\n `/usr/bin/whois
>> 192.168.0.11 || echo missing whois program`\n Regards,\n
>> Fail2Ban" | /usr/sbin/sendmail -f fail2ban [email protected]
>> returned successfully
>>
>>
>> I am not sure, if the issue is because of my GMail account
>> blocking the mails or is it a feature in Fail2Ban to prevent
>> e-mail flood?
>>
>>
>> Best wishes!
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
- ---------
>>
>>
>>
Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just
>> $35/Month Monitor end-to-end web transactions and take corrective
>> actions now Troubleshoot faster and improve end-user experience.
>> Signup Now!
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>> _______________________________________________ Fail2ban-users
>> mailing list
>>
>> [email protected]
>>
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
- ---------
>>
>>
Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just
>> $35/Month Monitor end-to-end web transactions and take corrective
>> actions now Troubleshoot faster and improve end-user experience.
>> Signup Now!
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>> _______________________________________________ Fail2ban-users
>> mailing list
>>
>> [email protected]
>>
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
- ---------
>>
>>
Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just
>> $35/Month Monitor end-to-end web transactions and take corrective
>> actions now Troubleshoot faster and improve end-user experience.
>> Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>
>>
>> _______________________________________________ Fail2ban-users
>> mailing list [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
> ----------------------------------------------------------------------
- --------
>
>
Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions
> now Troubleshoot faster and improve end-user experience. Signup
> Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>
>
>
> _______________________________________________ Fail2ban-users
> mailing list [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWo71KAAoJEJPfMZ19VO/15igP/iklD2p/25g1JQnyNAoi2LcQ
nGZ2VEdOJRxG3VXIM5Pltw6CZT3/gIuXQNy90bsBi8XdAkQHvRj6AgTfYUXDj6CC
z2Arx2FhUPecTLyxljnUz1nAkJbCpWVRqgpqhzz6wC3oXf2DNvU4thK8IBZQiysH
pBcv6VfdEN2PW9yn+E6EDJz2U43NGoedQ+FaBpMtJUpxRCk9ByvBC7zEkROvEVms
DVbab1iJEyHzrDcCfMTLsEYBA2vTmWOupb+9W/fK23qtW413c5o3Of3vgLppTsn9
QlX00T/9iNtbkkX3Ry/805OLLxUbmw0SfiGa+V1FeiSoxJMPWfX6rF7WUJoLHWmL
Bf4CEcXG8JL9quY0T3Gtg40d+NjpwYYhv283N98MO+S/4Q+8bB7+qhvNc73cz557
6numXxeH4F+xp7iSKDFQe1tz2frxc0Yk9L999daPDwUyNZsgQr763CLunOaAR7Qh
U8jdNIX/CIfF4svbgoteLbwVlvyyAm0r156a534O8shARr71McNMYyvCwZT2xIZl
TK9yU/cK2G4AWa4zt/E7p7s+j9Wb2HieYRA3+sa895TqtEH8Qz08wcexCxr8XJab
aGPWbgadgiTSW16QC5ncvXmvm+ZTUhYmV949l2CGIHfitxyKW6AjOvA/JAl8bKea
26ixXT6dbLsoQzl/ZXk+
=E6Pa
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
