Fail2Ban - SendMail

SYSTEM INFORMATION
OS type and version Rocky Linux 9.1
Webmin version 2.001
Virtualmin version 7.3 Pro

Hi

Since I swapped to Rocky Linux 9 I can’t get fail2ban and sendmail to work together to send out mails.
On my old server I simply activated sendmail and the filter action jails and it simply worked, but here simply no mail is sent out.
I tested the command for sendmail (/usr/sbin/sendmail -f "" "") just under ssh and it works well, just not from fail2ban

Here is from my jail.local file

[sshd]

enabled = true
port    = ssh
action = sendmail[name=sshd, dest=mailadresse]
        abuseipdb[abuseipdb_category=18,22]
        blocklist_de[]
        iptables-allports[]
maxretry = 3
findtime = 3h
bantime = 31d

sendmail.conf file

# Fail2Ban configuration file
#
# Author: Viktor Szépe
#
#

[INCLUDES]

before = sendmail-common.conf
         helpers-common.conf

[Definition]

# bypass ban/unban for restored tickets
norestored = 1

# Option:  actionban
# Notes.:  Command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
#          You need to install geoiplookup and the GeoLite or GeoIP databases.
#          (geoip-bin and geoip-database in Debian)
#          The host command comes from bind9-host package.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = ( printf %%b "Subject: [Fail2Ban GeoIP] <name>: banned <ip> from <fq-hostname>
        Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
        From: <sendername> <<sender>>
        To: <dest>\n
        Hi,\n
        The IP <ip> has just been banned by Fail2Ban after
        <failures> attempts against <name>.\n\n
        Here is more information about <ip> :\n
        http://bgp.he.net/ip/<ip>
        http://www.projecthoneypot.org/ip_<ip>
        http://whois.domaintools.com/<ip>\n\n
        Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`
        AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
        hostname: <ip-host>\n\n
        Lines containing failures of <ip> (max <grepmax>)\n";
        %(_grep_logs)s;
        printf %%b "\n
        Regards,\n
        Fail2Ban" ) | <mailcmd>

[Init]

# Default name of the chain
#
name = default

# Path to the log files which contain relevant lines for the abuser IP
#
logpath = /dev/null

# Number of log lines to include in the email
#
#grepmax = 1000
#grepopts = -m <grepmax>

and then sendmail-common.conf

# Fail2Ban configuration file
#
# Common settings for sendmail actions
#
# Users can override the defaults in sendmail-common.local

[INCLUDES]

after = sendmail-common.local

[Definition]

# Option:  actionstart
# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values:  CMD
#
actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
              Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
              From: <sendername> <<sender>>
              To: <dest>\n
              Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban" | <mailcmd>

# Option:  actionstop
# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
# Values:  CMD
#

actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>
             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n
             Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | <mailcmd>

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban =

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban =

[Init]

# Your system mail command
#
mailcmd = /usr/sbin/sendmail -f "<sender>" "<dest>"

# Recipient mail address
#
dest = mailadresse

# Sender mail address
#
sender = mailadresse

# Sender display name
#
sendername = Fail2Ban


inside /etc/fail2ban/jail.local
add the Default actions on top.

[DEFAULT]
ignoreip = 127.0.0.1/8 yourip.ifyou.want
findtime = 1800
maxretry = 3
bantime = 12h
mta = sendmail
action = %(action_mwl)s
destemail = your@emailaddress

Make sure you have whois installed on your server to get results for the offending IP.

edit: You can remove those added entries on your sshd. The Default setting will do this for all that you enabled.

Hi
that didn’t help… Those settings are already defined in jail.conf
But I investigated several hours to find out what is missing…
Had to configure my Postfix to send my mails out and not receive them locally (my mail server is separated) but that wasn’t the issue but was good to finally do it lol…
But I had another system where I compared and found several files from Fail2Ban missing, such as sendmail-whois.conf, sendmail-buffered etc etc
I only had sendmail.conf and even sendmail-common I had to create.
I don’t know why so many files are missing on my installation but in the end, after creating all of them with the values from the other system (not the same Linux but …), it now works…

Did you perchance do a minimal install of Virtualmin on the box with the missing config?

I have had similar problems where CentOS installations did not have the complete files needed for sending email notifications. I suspect Rocky pulls from the same source perhaps?

Always ended up getting them from an Ubuntu server. I think there are like 3 files missing if I am not mistaken.

Glad to see they got it up and running…

Regards
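
A check for the situation this thread ends on (action files such as sendmail-common.conf absent from the installation), added here as an example that is not part of any post: it lists every action a jail file references, and every "before" include of those actions, that has no file under action.d. The function names and the demo tree are constructed, and only .conf action files are considered.

```shell
#!/bin/sh
# Added example: report fail2ban action files that a jail file needs but that
# are absent from action.d. Only .conf actions are checked (an assumption).

# Print the names listed under "<key> = ...", including indented continuation lines.
cfg_values() {  # $1 = key (action | before), $2 = config file
    awk -v key="$1" '
        function emit(s) {
            sub(/^[ \t]+/, "", s)
            # "%(action_mwl)s" style interpolations do not match and are skipped
            if (match(s, /^[A-Za-z0-9_.-]+/)) print substr(s, RSTART, RLENGTH)
        }
        /^[ \t]*[#;]/ { next }
        $0 ~ ("^" key "[ \t]*=") { on = 1; sub("^" key "[ \t]*=", ""); emit($0); next }
        /^[ \t]+[^ \t]/ { if (on) emit($0); next }
        { on = 0 }
    ' "$2"
}

# Print each missing action file and each missing "before" include.
missing_files() {  # $1 = fail2ban config dir, $2 = jail file
    cfg_values action "$2" | sort -u | while read -r name; do
        conf="$1/action.d/$name.conf"
        if [ ! -f "$conf" ]; then echo "action.d/$name.conf"; continue; fi
        cfg_values before "$conf" | while read -r inc; do
            [ -f "$1/action.d/$inc" ] || echo "action.d/$inc"
        done
    done | sort -u
}

# Constructed demo tree: sendmail.conf exists, its include sendmail-common.conf does not.
demo() {
    d=$(mktemp -d) && mkdir "$d/action.d"
    printf '[INCLUDES]\nbefore = sendmail-common.conf\n         helpers-common.conf\n' \
        > "$d/action.d/sendmail.conf"
    : > "$d/action.d/helpers-common.conf"
    : > "$d/action.d/iptables-allports.conf"
    printf '[sshd]\nenabled = true\naction = sendmail[name=sshd, dest=admin@example.test]\n' \
        > "$d/jail.local"
    printf '        abuseipdb[abuseipdb_category=18,22]\n        iptables-allports[]\nmaxretry = 3\n' \
        >> "$d/jail.local"
    missing_files "$d" "$d/jail.local"
    rm -rf "$d"
}
demo
```

On a real host the call would be `missing_files /etc/fail2ban /etc/fail2ban/jail.local`; an empty result means every referenced action file and include is present.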
