CentOS 8 - Possible fix if sendmail actions prevent Fail2Ban from starting

ramin · June 8, 2020, 3:36pm

After a fresh Virtualmin/Webmin installation, Fail2Ban wouldn’t start if an email action was set (e.g., action_mw or action_mwl).

systemctl status fail2ban
May 27 15:33:52 host fail2ban-server[11334]: 2020-05-27 15:33:52,868 fail2ban.jailsreader    [11334]: ERROR   Errors in jail 'proftpd'. Skipping...
May 27 15:33:52 host fail2ban-server[11334]: 2020-05-27 15:33:52,877 fail2ban.jailreader     [11334]: ERROR   Unable to read action 'sendmail-whois-lines'
May 27 15:33:52 host fail2ban-server[11334]: 2020-05-27 15:33:52,878 fail2ban.jailsreader    [11334]: ERROR   Errors in jail 'postfix'. Skipping...
May 27 15:33:52 host fail2ban-server[11334]: 2020-05-27 15:33:52,885 fail2ban.jailreader     [11334]: ERROR   Unable to read action 'sendmail-whois-lines'
May 27 15:33:52 host fail2ban-server[11334]: 2020-05-27 15:33:52,885 fail2ban.jailsreader    [11334]: ERROR   Errors in jail 'dovecot'. Skipping...
May 27 15:33:52 host fail2ban-server[11334]: 2020-05-27 15:33:52,891 fail2ban.jailreader     [11334]: ERROR   Unable to read action 'sendmail-whois-lines'
May 27 15:33:52 host fail2ban-server[11334]: 2020-05-27 15:33:52,891 fail2ban.jailsreader    [11334]: ERROR   Errors in jail 'postfix-sasl'. Skipping...
May 27 15:33:52 host fail2ban-server[11334]: 2020-05-27 15:33:52,901 fail2ban                [11334]: ERROR   Async configuration of server failed
May 27 15:33:52 host systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/n/a
May 27 15:33:52 host systemd[1]: fail2ban.service: Failed with result 'exit-code'.

To get it running I’d revert back to the default action that skips sending emails (action_).

Long and tedious story shortened, there was a missing component that turned up after lots of searching and installing the EPEL repo.

dnf search fail2ban
yada yada bingo
dnf info fail2ban-sendmail

Name         : fail2ban-sendmail
Version      : 0.11.1
Release      : 6.el8
Architecture : noarch
Size         : 12 k
Source       : fail2ban-0.11.1-6.el8.src.rpm
Repository   : @System
From repo    : epel
Summary      : Sendmail actions for Fail2Ban
URL          : http://fail2ban.sourceforge.net/
License      : GPLv2+
Description  : This package installs Fail2Ban's sendmail actions.  This is the
             : default mail actions for Fail2Ban.

Evidently this should have been installed as part of the full source package, not sure why it wasn’t.

After running

dnf install fail2ban-sendmail

Fail2Ban fired up with a mail action set, no errors and the ssh ban notices started streaming in. MTA needs to be set to sendmail in /etc/fail2ban/jail.local.

ramin · June 13, 2020, 7:25pm

Update: This problem couldn’t be reproduced on the same system. Fail2ban has been reinstalled twice from Webmin and the fail2ban-sendmail package installed both times. The original problem was apparently a fluke or repo hiccup during Virtualmin’s installation.

system · July 13, 2020, 7:25pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.