How to add email notifications to Fail2ban
Following up on my other two posts about Fail2ban notifications, which you can read here: Adding ban/unban notifications from Fail2Ban to Discord! and here: Adding ban/unban notifications from Fail2Ban to Pushover! I recently got email notifications working (thank you, count_confucius) and thought I'd share how to get that working!
Adding the action
I am using the linuxserver swag container in this guide. https://github.com/linuxserver/docker-swag
Go into your /action.d folder and copy and rename sendmail-whois.local. Edit the file and replace the actionban and add the actionunban with the code below:
actionban = printf %%b "Subject:🕵️ [Fail2Ban] <name>: BANNED IP <ip>! 🔨
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <sendername> <<sender>>
            To: <destination>\n
            Hi,\n
            The jail <name> has banned ip <ip> after <failures> attempts against <name>.\n
            Here is some info about the IP: https://db-ip.com/<ip> \n
            Lines containing IP <ip>: \n
            `grep '<ip>' <logpath>` \n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -t -v -H 'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465' -au<from> -ap<password> <destination>

actionunban = printf %%b "Subject:🔔 [Fail2Ban] <name>: UNBANNED IP <ip> ✅
              Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
              From: <sendername> <<sender>>
              To: <destination>\n
              Hi,\n
              Fail2ban has unbanned ip https://db-ip.com/<ip> successfully. \n
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -t -v -H 'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465' -au<from> -ap<password> <destination>
NOTE: If you don't use gmail you need to update the smtp address in the code!
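To preview the ban message before any SMTP credentials are involved, this added example (not part of the original post) rebuilds the same mail text in a shell function and prints it instead of piping it to sendmail. It goes slightly beyond the action above: the IP is matched with grep -Fw, so the dots are literal and 192.0.2.10 does not also pull in lines for 192.0.2.100, and log lines are printed through %s so backslashes in log text are not interpreted. The function names, the sample log and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run of the ban mail built by the actionban above.
# render_ban_mail, make_sample_log, the log and addresses are constructed here.

# render_ban_mail NAME IP FAILURES LOGPATH SENDERNAME SENDER DESTINATION
render_ban_mail() {
    name=$1 ip=$2 failures=$3 logpath=$4
    sendername=$5 sender=$6 destination=$7

    # -F: treat the IP as a literal string, so "." is not a regex wildcard.
    # -w: require non-word characters around the match, so 192.0.2.10
    #     does not match 192.0.2.100 or 1192.0.2.10.
    matches=$(grep -Fw -- "$ip" "$logpath" || true)

    # Headers, one blank line, then the body. Only the fixed template is
    # used as a format string; every value is passed as a %s argument.
    printf 'Subject: [Fail2Ban] %s: BANNED IP %s!\n' "$name" "$ip"
    printf 'Date: %s\n' "$(LC_ALL=C date +"%a, %d %h %Y %T %z")"
    printf 'From: %s <%s>\n' "$sendername" "$sender"
    printf 'To: %s\n\n' "$destination"
    printf 'Hi,\n\nThe jail %s has banned ip %s after %s attempts against %s.\n\n' \
        "$name" "$ip" "$failures" "$name"
    printf 'Here is some info about the IP: https://db-ip.com/%s\n\n' "$ip"
    printf 'Lines containing IP %s:\n%s\n\nRegards,\nFail2Ban\n' "$ip" "$matches"
}

# Constructed sample log (documentation address range 192.0.2.0/24).
make_sample_log() {
    cat > "$1" <<'EOF'
2024/01/01 10:00:00 [error] client: 192.0.2.10, request: "GET /a\nb HTTP/1.1"
2024/01/01 10:00:01 [error] client: 192.0.2.100, request: "GET / HTTP/1.1"
2024/01/01 10:00:02 [error] client: 192.0.2.10, request: "GET /login HTTP/1.1"
2024/01/01 10:00:03 [error] client: 192x0y2z10, request: "GET / HTTP/1.1"
EOF
}

# Run as "sh preview.sh demo" to print the message for the sample log.
if [ "${1:-}" = "demo" ]; then
    log=$(mktemp)
    make_sample_log "$log"
    render_ban_mail nginx-http-auth 192.0.2.10 5 "$log" \
        Fail2Ban fail2ban@example.org admin@example.org
    rm -f "$log"
fi
```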
Next save the file and copy and rename the sendmail-common.conf file to sendmail-common.local. We have to edit this file or else we'll get a lot of errors in the Fail2ban log about failing to send jail startup and shutdown emails.
In the sendmail-common.local file remove everything after actionstart = and
If you want emails on start and stop, add the code above and just change the subject and body of the email.
In your jail.local file add the following in the
banaction = iptables-allports
action = %(action_mw)s[from=[email protected], password=secretpassword, destination=[email protected], sendername=Fail2Ban]
Let's break down the mail action.
from = The email account it sends from.
password = The password to the sender account.
destination = Where you want to send the notification.
sendername = Name of the sender.
iptables-allports is needed because if you only have the send mail action it will override the action that updates the iptables! So it won't ban the IP without it.
If you only want to add the mail notification to a specific jail you can add it to just that specific jail. On [DEFAULT] it will be default on every jail in
Lastly you need to restart fail2ban and try and ban yourself.
The email will look like this: