The servers I administer are on Amazon cloud, and there are often problems with outgoing emails and sendmail, so for a quick fix to add outgoing email support to scripts, I’m okay with using sendEmail, a small Python SMTP email client for use with Bash and Python scripts.
Here’s a very simple tutorial on setting this up with Ubuntu which does the job for me.
To get this working with Fail2Ban, we need to make a couple of changes to /etc/fail2ban/jail.local, and add a new action. I did it this way:
```
# Comment out sendmail as the MTA, and add sendEmail
# mta = sendmail
mta = sendEmail

# I use the 'multi-line with whois' action, so I change the action for the jail in question
action = %(action_mwl)s
```
A new file at /etc/fail2ban/action.d/sendEmail-whois-lines.conf
```
[Definition]

actionstart = /usr/bin/sendEmail -f <sender> -t <dest> -s <smtp> -xu <sender> -xp <password> -u "[Fail2Ban] <servername> <name>: started" -m "The jail <name> has been started successfully.\n\nFail2Ban"

actionstop = /usr/bin/sendEmail -f <sender> -t <dest> -s <smtp> -xu <sender> -xp <password> -u "[Fail2Ban] <servername> <name>: stopped" -m "The jail <name> has been stopped.\n\nFail2Ban"

actioncheck =

actionban = /usr/bin/sendEmail -f <sender> -t <dest> -s <smtp> -xu <sender> -xp <password> -u "[Fail2Ban] <servername> <name>: banned <ip>" -m "The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>.\n\nHere is more information about <ip>:\n `/usr/bin/whois <ip>`\n\n Lines containing IP:<ip> in <logpath>\n`/bin/grep '\<<ip>\>' <logpath>`\n\n\n\nFail2Ban"

actionunban =

[Init]

# Amended to be the same as the SMTP user
sender = email@example.com

# Added
# SMTP password for user
password = XXXXXXX

# SMTP server - use port 587 for Google rather than 25 (times out too often) or 465 (crashes sendEmail)
smtp = smtp.googlemail.com:587

# Name for this server - handy when there are lots of servers sending emails to the destemail
servername = MyServer
```
So, the main drawback here is the plain text password. But this is nothing that doesn’t happen with other scripts with open config files, like s3cmd. Filters with passwords in them can be “chmod 600” to improve security slightly.
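
The "chmod 600" point above, as an added example rather than code from the original post: a POSIX shell audit that lists Fail2Ban config files carrying a live `password =` line while still accessible to group or other. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find Fail2Ban config files that
# contain a live "password = ..." line yet are accessible to group or other.

# has_password_line FILE -> 0 if FILE has an uncommented, non-empty password setting
has_password_line() {
    grep -Eq '^[[:space:]]*password[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

# owner_only FILE -> 0 if no group/other permission bits are set (e.g. 600, 400)
owner_only() {
    # Characters 5-10 of the ls mode string are the group and other bits
    [ "$(ls -ld -- "$1" | cut -c5-10 | head -n 1)" = "------" ]
}

# audit_dir DIR -> prints each exposed file; returns 1 if any were found
audit_dir() {
    dir=${1:-/etc/fail2ban}
    found=0
    for f in "$dir"/*.conf "$dir"/*.local "$dir"/*/*.conf "$dir"/*/*.local; do
        [ -f "$f" ] || continue
        has_password_line "$f" || continue
        owner_only "$f" && continue
        echo "$f"
        found=1
    done
    [ "$found" -eq 0 ]
}

# make_sample_tree -> prints the path of a constructed config tree for a dry run
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/action.d"
    printf '[Init]\npassword = XXXXXXX\n' > "$t/action.d/sendEmail-whois-lines.conf"
    printf '[Init]\npassword = XXXXXXX\n' > "$t/action.d/locked.conf"
    printf '[Init]\n# password = unused\n' > "$t/action.d/commented.conf"
    chmod 644 "$t/action.d/sendEmail-whois-lines.conf" "$t/action.d/commented.conf"
    chmod 600 "$t/action.d/locked.conf"
    echo "$t"
}

# Run as: sh audit.sh /etc/fail2ban   (exit status 1 means something was flagged)
if [ $# -gt 0 ]; then
    audit_dir "$1"
fi
```

File mode only covers the copy on disk: the action passes the password with `-xp` on the sendEmail command line, where other local users can see it in the process list while the mail is being sent.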