Email Notification Fail2ban with MSMTP

Ariq Naufal -
💡
This tutorial is part of the How to: Fail2Ban tutorials series, you may check the main post to know what Fail2ban is, and how Fail2Ban works.

Notification is an essential part of setting up Fail2ban and setting up email notifications in Fail2ban requires a mail server to send emails.

I've tried to configure sendmail (following this tutorial) to send an email with smtp port but it requires many steps to be performed to start using it. And then I found out about sSMTP, it works but Archwiki said:

sSMTP is unmaintained. Consider using something like msmtp or OpenSMTPD instead. [Archwiki/ssmtp]

So I decided to use msmtp to make my ubuntu server send email easily.

Step 1: Installation of msmtp

I use Ubuntu (a Debian-based system), install msmtp with the following command:

sudo apt-get install msmtp msmtp-mta

The configuration file is as follows:

sudo nano /etc/msmtprc

and then use the following settings for smtp account:

defaults
auth           on
tls            on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile        ~/.msmtp.log
account        mxroute
host           taylor.mxrouting.net
port           587
from           email@mydomain.com
user           email@mydomain.com
password       password
account default : mxroute
domain mydomain.com
/etc/msmtprc

Note

Replace with your smtp server configuration. For example:

  • Replace mxroute with your email provider's name
  • Replace taylor.mxrouting.net to your server smtp hostname
  • Replace mydomain.com in the domain section to your domain name.
  • msmtp log will be created on /root/.msmtp.log

Save the file, and change permission with chmod 600/etc/msmtprc because the file contains the user and password in plain text.

Chmod 600 means that
(U)ser / owner can read, can write and can't execute.
(G)roup can't read, can't write and can't execute.
(O)thers can't read, can't write and can't execute.

next step is to configure Fail2ban

Step 2: Configure Fail2ban

Create a new action.d with the name msmtp-whois.conf

nano /etc/fail2ban/action.d/msmtp-whois.conf

and add the following code below:

# Fail2Ban configuration file
#
# MSMTP

[Definition]

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#

actionban =   printf %%b "Subject: [Fail2Ban] <name>: BANNED IP <ip>!
              Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
              From: <sendername> <<sender>>
              To: <destination>\n
              Hi,\n
              The jail <name> has banned ip <ip> after <failures> attempts against <name>.\n
              Here is some info about the IP: https://db-ip.com/<ip> \n
              Regards,\n
              Fail2Ban" | <mailcmd> <destination>

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = printf %%b "Subject: [Fail2Ban] <name>: UNBANNED IP <ip>
              Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
              From: <sendername> <<sender>>
              To: <destination>\n
              Hi,\n
              Fail2ban has unbanned ip https://db-ip.com/<ip> successfully. \n
              Regards,\n
              Fail2Ban" | <mailcmd> <destination>

[Init]

# Your system mail command
#
mailcmd = /usr/bin/msmtp -a default
/etc/fail2ban/action.d/msmtp-whois.conf

This fail2ban action will send an email notification whenever IPs get banned or unbanned.

Open your /etc/fail2ban/jail.local 

nano /etc/fail2ban/jail.local

add the following in the [DEFAULT] section, if you want to send email notifications to all jails:

[DEFAULT]
...
mta = msmtp
action = %(action_mw)s[from=noreply@mydomain.com, sender=noreply@mydomain.com, destination=myother@otherdomain.com, sendername=Fail2Ban]

Note

  • From and Sender: The email account it sends from
  • Destination: Where you want to send the notification.
  • Sendername: Name of the sender

But if you want to send email notifications in only one specific jail, add action to the [jail] section.

Step 3: Let's try it out

I use this cf-wplogin jail from Fail2ban with Cloudflare tutorial to test.

Email result

Fail2ban successfully sends email notifications, and the email result will look like this:

Banned IP email
Unbanned IP email

-problem: At this time I posted (20/03/2023) Gmail not receiving any my msmtp email, I am still this figuring out

Reference:

If you guys are interested more about configuring fail2ban notifications, you may read fail2ban notifications to pushover, telegram, or even to discord!

Thank you for reading!