[gentoo-user] duplicate email messages from fail2ban

[gentoo-user] duplicate email messages from fail2ban

[covici]

I have fail2ban set up and it works quite well, except for the fact that
whenever it sends me an Email, it always sends two copies.  Every night
when the logs rotate, it does this twice, once when t stops and once
when it restarts, and when it bans an ip it also sends two emails saying
so.

any ideas as to why this is so and how to fix?

Thanks in advance for any sugggestions.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici
         covici@ccs.covici.com

Re: [gentoo-user] duplicate email messages from fail2ban

[Paul Hartman]

On Mon, Sep 26, 2011 at 9:45 PM,  <covici@ccs.covici.com> wrote:
> I have fail2ban set up and it works quite well, except for the fact that
> whenever it sends me an Email, it always sends two copies.  Every night
> when the logs rotate, it does this twice, once when t stops and once
> when it restarts, and when it bans an ip it also sends two emails saying
> so.
>
> any ideas as to why this is so and how to fix?
>
> Thanks in advance for any sugggestions.

The emails when the service is stopped and started can be disabled in
/etc/fail2ban/action.d/mail.conf (comment out the actionstart and
actionstop sections).

If you get multiple emails when someone is banned, it sounds like you
have more than one rule enabled that is being triggered by the same
event. For example, I think in the default jail.conf there's an ssh
rule that bans in the firewall as well as an ssh rule that writes to
hosts.deny.

I disabled all of the email alerts from fail2ban because I was getting
dozens up to hundreds of them per day, it seemed to be functioning
properly, and I was basically flooding my inbox. :)