fail2ban / started / e-mail / disable

fail2ban / started / e-mail / disable

  • Written by Walter Doekes

  • Published on: 2015-01-10

Tired of the Fail2ban start and stop e-mails?

Especially after a manual fail2ban restart, the [Fail2Ban] vsftpd: stopped on HOSTNAME and [Fail2Ban] vsftpd: started on HOSTNAME mail tuple is too spammy.

Quick fix to disable them:

Create a new file, named /etc/fail2ban/actions.d/sendmail-no-start-stop.local:

diff --git /etc/fail2ban/action.d/sendmail-no-start-stop.local /etc/fail2ban/action.d/sendmail-no-start-stop.local
new file mode 100644
index 0000000..cb7ecb9
--- /dev/null
+++ /etc/fail2ban/action.d/sendmail-no-start-stop.local
@@ -0,0 +1,3 @@
+[Definition]
+actionstart =
+actionstop =

And — you’re using mta = sendmail right? — add that include to all sendmail-*.conf:

diff --git /etc/fail2ban/action.d/sendmail-buffered.conf /etc/fail2ban/action.d/sendmail-buffered.conf
index 80eb20a..5782b3b 100644
--- /etc/fail2ban/action.d/sendmail-buffered.conf
+++ /etc/fail2ban/action.d/sendmail-buffered.conf
@@ -7,6 +7,7 @@
 [INCLUDES]

 before = sendmail-common.conf
+after = sendmail-no-start-stop.local

 [Definition]

diff --git /etc/fail2ban/action.d/sendmail-whois-lines.conf /etc/fail2ban/action.d/sendmail-whois-lines.conf
index 5a331e2..d8c7280 100644
--- /etc/fail2ban/action.d/sendmail-whois-lines.conf
+++ /etc/fail2ban/action.d/sendmail-whois-lines.conf
@@ -7,6 +7,7 @@
 [INCLUDES]

 before = sendmail-common.conf
+after = sendmail-no-start-stop.local

 [Definition]

diff --git /etc/fail2ban/action.d/sendmail-whois.conf /etc/fail2ban/action.d/sendmail-whois.conf
index a65f987..10c3392 100644
--- /etc/fail2ban/action.d/sendmail-whois.conf
+++ /etc/fail2ban/action.d/sendmail-whois.conf
@@ -7,6 +7,7 @@
 [INCLUDES]

 before = sendmail-common.conf
+after = sendmail-no-start-stop.local

 [Definition]

diff --git /etc/fail2ban/action.d/sendmail.conf /etc/fail2ban/action.d/sendmail.conf
index 70f3832..835ed99 100644
--- /etc/fail2ban/action.d/sendmail.conf
+++ /etc/fail2ban/action.d/sendmail.conf
@@ -7,6 +7,7 @@
 [INCLUDES]

 before = sendmail-common.conf
+after = sendmail-no-start-stop.local

 [Definition]

Unfortunately placing the empty actionstart and actionstop in sendmail-common.local did not work as expected. The after called from before = sendmail-common.conf was still ran before the definitions we want to override.

So, we’re stuck with the above minimal change to four files. At least it’s less intrusive than commenting out the actionstart and actionstop in all of them.

Patch from /etc with -p2. Enjoy the silence in your inbox.


Back to overview Newer post: gitlab / upgrade / ruby / bundle Older post: git / gnutls / handshake failed / nginx ciphers