On Mon, Sep 26, 2011 at 9:45 PM, <[email protected]> wrote: > I have fail2ban set up and it works quite well, except for the fact that > whenever it sends me an Email, it always sends two copies. Every night > when the logs rotate, it does this twice, once when t stops and once > when it restarts, and when it bans an ip it also sends two emails saying > so. > > any ideas as to why this is so and how to fix? > > Thanks in advance for any sugggestions.
The emails when the service is stopped and started can be disabled in /etc/fail2ban/action.d/mail.conf (comment out the actionstart and actionstop sections). If you get multiple emails when someone is banned, it sounds like you have more than one rule enabled that is being triggered by the same event. For example, I think in the default jail.conf there's an ssh rule that bans in the firewall as well as an ssh rule that writes to hosts.deny. I disabled all of the email alerts from fail2ban because I was getting dozens up to hundreds of them per day, it seemed to be functioning properly, and I was basically flooding my inbox. :)
