Re: [Fail2ban-users] Mail notifications not including whois info

Sat, 02 May 2020 11:11:58 -0700 

When I run:

sudo docker exec -it letsencrypt ls -la /usr/bin

This is what I get:

lrwxrwxrwx   1 root root      12 Mar 26 18:40  whois -> /bin/busybox

 

From: Tom Hendrikx <t...@whyscream.net> 
Sent: Saturday, May 2, 2020 10:10 AM
To: fail2ban-users@lists.sourceforge.net
Subject: Re: [Fail2ban-users] Mail notifications not including whois info

 

Hi,

there are may dofferent whois clients (it's a simply binary which can query
various whois servers around the world. Not all whois clients support all
features. It seems that (from your example) the whois client on your docker
host supports querying by ip-address, but the whois binary inside the
'letsencrypt' docker container doesn't.

Maybe you can install a different whois package in the container, this
depends on the distro the container was based on. My ubuntu 18.04 desktop
lists at least 3 commandline whois clients in the default repository.

Kind regards,

    Tom

On 02-05-2020 15:42, arsdale...@gmail.com <mailto:arsdale...@gmail.com>
wrote:

Hello,

 

I recently installed Fail2Ban along with nginx using the
linuxserver/letsencrpt docker.  I love it.  It has solved a long term
problem for me and made my network run much smoother.  I have ironed out all
my install problems but one, which has been driving me crazy.  

 

In jail.local, I use action = %(action_mwl)s as my default action and after
tailoring e-mail notification settings in sendmail-whois-lines.local with 

Fail2Ban" ) | /usr/sbin/sendmail -t -v -H 'exec openssl s_client -quiet
-tls1 -starttls smtp -connect smtp.gmail.com:587' -aumyusername
-apmyapppassword <dest>  it works great except for one issue.

 

I believe the default action uses sendmail-whois-lines.conf

 

This is what I always get in the response:

 

[Querying whois.iana.org:43 '122.166.7.73'] [Querying whois.iana.org:43
'domain 122.166.7.73'] [whois.iana.org] % IANA WHOIS server % for more
information on IANA, visit http://www.iana.org % % Error: Invalid query
domain 122.166.7.73

 

In an effort to figure things out, I have tried 

1.      /usr/bin/whois 107.33.23.17 which is successful
2.      sudo docker exec -it letsencrypt whois google.com which is
successful
3.      sudo docker exec -it letsencrypt whois 122.166.7.73 which fails with
the above error message.

 

I am relatively new to docker, but here is my docker-compose:

 

version: "2" 

services:

  letsencrypt: # https://github.com/linuxserver/docker-letsencrypt

    container_name: letsencrypt

    image: linuxserver/letsencrypt:latest

    restart: unless-stopped

    cap_add:

      - NET_ADMIN

    volumes:

      - /home/user/docker/letsencrypt/config:/config

      - /etc/localtime:/etc/localtime:ro

    environment:

      - PGID=xxxx

      - PUID=xxxx

      - EMAIL=my_em...@gmail.com <mailto:EMAIL=my_em...@gmail.com> 

      - URL=myduckdns.duckdns.org

      - SUBDOMAINS=wildcard

      - VALIDATION=duckdns

      - TZ=America/New_york

      - DUCKDNSTOKEN=myxxxxxduckdnsxxxxxtoken

    ports:

      - "80:80"

      - "443:443"

 

Any help would be greatly appreciated.

Thanks,

Dan






_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/fail2ban-users


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users






















					Reply via email to