What I would do is the following:
First thing is to copy all action.d/sendmail-*.conf files to action.d/msmtp-*.conf files:
for file in /etc/fail2ban/action.d/sendmail*.conf; do cp "$file" "${file/sendmail/msmtp}"; done
Next step is to change the occurrences of before = sendmail to before = msmtp in the action.d/msmtp-*.conf files:
sed -i 's/before = sendmail/before = msmtp/' /etc/fail2ban/action.d/msmtp-*.conf
This will correct the references to other sendmail configuration files like before = sendmail-common.conf.
Followed by changing all occurrences of sendmail -f <sender> to msmtp in action.d/msmtp-*.conf:
sed -i 's/sendmail -f <sender>/msmtp/' /etc/fail2ban/action.d/msmtp-*.conf
This will correct the lines where sendmail is called like Fail2Ban | /usr/sbin/sendmail -f <sender> <dest>.
The final step is changing the mta = msmtp in the action.d/jail.conf file.
Then reload fail2ban to test whether these modifications work.
Another thing to keep in mind is the user context of fail2ban with respect to the msmtp configuration. If you have a local msmtprc file configured, it might not be applied when fail2ban tries to run msmtp due to other user context. In that case, configure msmtp with a global configuration, or create a separate configuration for the user that runs fail2ban.
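The copy-and-substitute steps from the answer above, as an added example that is not part of the original answer: it runs against a scratch directory so the result can be checked before /etc/fail2ban is touched. The function names and the sample action files are constructed for illustration; the two sed expressions are the ones the answer gives.

```shell
#!/bin/sh
# Write an msmtp-* copy of every sendmail* action file in the given directory,
# applying both substitutions on the way. The sendmail originals are not modified.
convert_actions() {
    dir=$1
    for src in "$dir"/sendmail*.conf; do
        [ -e "$src" ] || continue
        dst="$dir/$(basename "$src" | sed 's/^sendmail/msmtp/')"
        sed -e 's/before = sendmail/before = msmtp/' \
            -e 's/sendmail -f <sender>/msmtp/' "$src" > "$dst"
    done
}

# Number of lines in the msmtp* files that still mention sendmail.
leftover_count() {
    cat "$1"/msmtp*.conf | grep -c 'sendmail' || true
}

# Succeeds only if every msmtp* file has as many lines as its sendmail source,
# i.e. the substitution neither duplicated nor dropped a line.
same_length() {
    dir=$1
    for dst in "$dir"/msmtp*.conf; do
        src="$dir/$(basename "$dst" | sed 's/^msmtp/sendmail/')"
        [ "$(wc -l < "$src")" -eq "$(wc -l < "$dst")" ] || return 1
    done
}

# Constructed sample files in a temporary directory (not real fail2ban files).
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' '[Definition]' '# shared settings' > "$dir/sendmail-common.conf"
    printf '%s\n' '[INCLUDES]' 'before = sendmail-common.conf' '[Definition]' \
        'actionban = printf "Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>' \
        > "$dir/sendmail-whois.conf"
    echo "$dir"
}

# Dry run on the constructed sample.
demo=$(make_sample)
convert_actions "$demo"
echo "leftover sendmail references: $(leftover_count "$demo")"
same_length "$demo" && echo "line counts match"
rm -rf "$demo"
```

To check a real installation, copy /etc/fail2ban/action.d to a scratch directory and pass that path to convert_actions, then review any lines leftover_count reports before installing the msmtp-* files.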
One solution has already occurred to me, but it's...a little hackish imo. Create the following file and run it. It relies on the f2b entries--and no others--all having "f2b" in them, and this script being run rather than iptables-save directly...
~/bin£ cat saveFilteredIptables.sh
#!/usr/bin/zsh
sudo iptables-save | perl -ne 'print if !/f2b/'
~/bin£
Best Answer
See whitelisting on the fail2ban website:
Another reference here: