Notifications are an essential part of setting up Fail2ban, and email notifications in Fail2ban require a mail server to send the emails.
I tried configuring sendmail (following this tutorial) to send email over an SMTP port, but it requires many steps before you can start using it. Then I found out about sSMTP; it works, but the ArchWiki says:
sSMTP is unmaintained. Consider using something like msmtp or OpenSMTPD instead. [Archwiki/ssmtp]
So I decided to use msmtp to make my Ubuntu server send email easily.
Step 1: Installation of msmtp
I use Ubuntu (a Debian-based system). Install msmtp with the following command:
sudo apt-get install msmtp msmtp-mta
Open the configuration file:
sudo nano /etc/msmtprc
Then use the following settings for the SMTP account:
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log
account mxroute
host taylor.mxrouting.net
port 587
from email@mydomain.com
user email@mydomain.com
password password
account default : mxroute
domain mydomain.com
Note
Replace the values with your SMTP server configuration. For example:
- Replace mxroute with your email provider's name.
- Replace taylor.mxrouting.net with your server's SMTP hostname.
- Replace mydomain.com in the domain section with your domain name.
- The msmtp log will be created at /root/.msmtp.log.
Save the file, then change its permissions with chmod 600 /etc/msmtprc, because the file contains the user and password in plain text.
chmod 600 means that:
(U)ser / owner can read, can write and can't execute.
(G)roup can't read, can't write and can't execute.
(O)thers can't read, can't write and can't execute.
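A quick way to confirm the file ended up in the state described above, as an added example that is not part of the original post. The function name audit_msmtprc is hypothetical, and the check for tls_certcheck (a real msmtp option that this page does not use) is an addition:

```shell
#!/bin/sh
# Added example: audit an msmtp config for the settings used on this page.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_msmtprc() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "MISSING: $f"; return 1; }

    # The file holds the SMTP password: only the owner may read or write it.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")  # GNU, then BSD
    if [ "$mode" != "600" ]; then
        echo "PERMS: mode $mode, expected 600"
        rc=1
    fi

    # The login must not cross the network without verified TLS.
    if ! grep -Eq '^[[:space:]]*tls[[:space:]]+on[[:space:]]*$' "$f"; then
        echo "TLS: no 'tls on' line"
        rc=1
    fi
    if grep -Eq '^[[:space:]]*(tls|tls_certcheck)[[:space:]]+off' "$f"; then
        echo "TLS: tls or tls_certcheck is switched off"
        rc=1
    fi

    # The account above authenticates, so 'auth on' is expected.
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]+on' "$f"; then
        echo "AUTH: no 'auth on' line"
        rc=1
    fi
    return "$rc"
}

# Constructed sample mirroring the page's settings (placeholder credentials).
sample=$(mktemp)
cat > "$sample" <<'EOF'
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account mxroute
host taylor.mxrouting.net
port 587
user email@mydomain.com
password password
EOF
chmod 644 "$sample"; audit_msmtprc "$sample" || true   # reports PERMS
chmod 600 "$sample"; audit_msmtprc "$sample" && echo "OK: no findings"
rm -f "$sample"
```

On the real server, run it as root against the file from Step 1: audit_msmtprc /etc/msmtprc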
The next step is to configure Fail2ban.
Step 2: Configure Fail2ban
Create a new action file in action.d named msmtp-whois.conf:
nano /etc/fail2ban/action.d/msmtp-whois.conf
and add the following:
# Fail2Ban configuration file
#
# MSMTP
[Definition]
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: BANNED IP <ip>!
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <sendername> <<sender>>
            To: <destination>\n
            Hi,\n
            The jail <name> has banned ip <ip> after <failures> attempts against <name>.\n
            Here is some info about the IP: https://db-ip.com/<ip> \n
            Regards,\n
            Fail2Ban" | <mailcmd> <destination>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = printf %%b "Subject: [Fail2Ban] <name>: UNBANNED IP <ip>
              Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
              From: <sendername> <<sender>>
              To: <destination>\n
              Hi,\n
              Fail2ban has unbanned ip https://db-ip.com/<ip> successfully. \n
              Regards,\n
              Fail2Ban" | <mailcmd> <destination>
[Init]
# Your system mail command
#
mailcmd = /usr/bin/msmtp -a default
This fail2ban action will send an email notification whenever IPs get banned or unbanned.
Open your /etc/fail2ban/jail.local:
nano /etc/fail2ban/jail.local
Add the following to the [DEFAULT] section if you want to send email notifications for all jails:
[DEFAULT]
...
mta = msmtp
action = %(action_mw)s[from=noreply@mydomain.com, sender=noreply@mydomain.com, destination=myother@otherdomain.com, sendername=Fail2Ban]
Note
- From and Sender: The email account it sends from
- Destination: Where you want to send the notification.
- Sendername: Name of the sender
But if you want to send email notifications for only one specific jail, add action to the [jail] section.
Step 3: Let's try it out
I use this cf-wplogin jail from the Fail2ban with Cloudflare tutorial to test.

Email result
Fail2ban successfully sends email notifications, and the email result will look like this:


Problem: At the time of posting (20/03/2023), Gmail is not receiving any of my msmtp emails. I am still figuring this out.
Reference:
If you guys are interested in more about configuring Fail2ban notifications, you may read about Fail2ban notifications to Pushover, Telegram, or even Discord!
Thank you for reading!