On 12-04-19 15:33, David Shuman wrote:
Good morning,
I'm an amateur with linux and toy around with a VPS for a few years
now. I've used Fail2ban to help protect it and have for many years.
I've never had this issue before, but now all my emails sent about
blocks have the wrong hostname in the subject line. Right now running
the latest ubuntu.
The issue my domain name is abc.com so before around early March I would
see an email subject line similar to the below:
[Fail2Ban] sshd: banned xxx.xxx.xx.xxx from abc.com
*NOW*
[Fail2Ban] sshd: banned xxx.xxx.xx.xxx from *xyz.com*
This coincided when I did an apt-get update/upgrade around early March,
which I believe updated my Fail2Ban as well. I dont believe this
changed my personalized settings and I checked and dont recall anything
out place. Ironically enough, this only happens on my SSHD alerts, I
just noticed that i have recent apache alerts that have the correct
domain in the subject line. I've searched the entire filesystem for
xyz.com and cant find any trace of it in anything. I've run linux
security scanners to check no malware/hack. Just odd.
The next strange thing is I opened a ticket with my VPS host and they
indicated they didn't see anything wrong as my headers were showing the
correct hostname, and their info showed the correct hostname, but this
new hostname that started showing up was the *HOSTNAME FROM THE CUSTOMER
THAT WAS ON THE VPS BEFORE ME*
On my ubuntu 16.04 using fail2ban 0.9.3 from default packages, both the
"mail-*" and "sendmail-*" actions use the value of 'uname -n' in the
subject. It's hard to debug this without some more details.
Could you give us a bit more information?
- version of fail2ban
- which mail action are you using? How does it set the subject?
- output of the shell commands 'uname -n' and 'uname -a'
- output of the shell command 'hostname -f'
- the actual hostname you expect to see
- the actual hostname you are seeing in the email subjects
Kind regards,
Tom
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
