fail2ban uses its action configuration to send email notifications through your system's MTA (Mail Transfer Agent). The most common setup uses the sendmail command, but it can be configured to work with other MTAs like Postfix or Exim.
First, verify your jail.local contains proper email settings:
<pre><code># /etc/fail2ban/jail.local
[DEFAULT]
destemail = admin@yourdomain.com
sender = fail2ban@yourdomain.com
mta = sendmail
action = %(action_mwl)s
</code></pre>
Create a custom action file to test notifications:
<pre><code># /etc/fail2ban/action.d/testmail.conf
[Definition]
# mail needs a recipient address after the subject
actionstart = echo "fail2ban started" | mail -s "fail2ban startup notification" admin@yourdomain.com
actionstop = echo "fail2ban stopped" | mail -s "fail2ban shutdown notification" admin@yourdomain.com
actioncheck =
actionban =
actionunban =
</code></pre>
You can manually trigger test emails by restarting fail2ban:
sudo systemctl restart fail2ban
Or create a test jail that triggers on demand:
<pre><code># /etc/fail2ban/jail.d/testmail.conf
[testmail]
enabled = true
filter =
action = testmail
logpath = /dev/null
</code></pre>
If emails aren't arriving:
- Check system mail logs: journalctl -u postfix (or your MTA)
- Test MTA independently: echo "test" | mail -s "test" your@email.com
- Verify fail2ban logs: tail -f /var/log/fail2ban.log
For more control, create a bash script:
<pre><code>#!/bin/bash
# /usr/local/bin/fail2ban-mailer.sh
SUBJECT="fail2ban $1 notification"
BODY="fail2ban service has $1 at $(date)"
echo "$BODY" | mail -s "$SUBJECT" admin@yourdomain.com
</code></pre>
Then configure your action:
<pre><code>actionstart = /usr/local/bin/fail2ban-mailer.sh start
actionstop = /usr/local/bin/fail2ban-mailer.sh stop
</code></pre>
<h2>Understanding fail2ban Email Configuration</h2>
<p>Before testing email notifications, ensure your fail2ban is properly configured for SMTP. Here's a typical jail.local configuration snippet:</p>
<pre><code>[DEFAULT]
# Email settings
destemail = admin@yourdomain.com
sender = fail2ban@yourdomain.com
mta = sendmail
action = %(action_mwl)s
</code></pre>
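<p>As an added example (not part of the original page or of fail2ban itself), the shell functions below check the [DEFAULT] section of a jail.local for the settings shown above and flag an action that bans without mailing, as the stock action_ shortcut does. The function names and the sample configs are constructed for illustration, and only single-line key = value entries are handled.</p>

```sh
#!/bin/sh
# Added example: lint the [DEFAULT] section of a jail.local for mail settings.
# Print the value of KEY in [DEFAULT] of FILE (last assignment wins).
f2b_default() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_default = ($0 ~ /^[ \t]*\[DEFAULT\]/); next }
        !in_default || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print one line per problem; return 0 only when nothing is wrong.
f2b_check_mail() {
    file=$1; rc=0
    for key in destemail sender mta; do
        [ -n "$(f2b_default "$file" "$key")" ] || { echo "not set: $key"; rc=1; }
    done
    case "$(f2b_default "$file" action)" in
        *action_mw*) ;;  # action_mw and action_mwl both send mail on ban
        *) echo "action sends no mail: use action_mw or action_mwl"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input: one complete config, one that bans silently.
sample_good() { printf '%s\n' '[DEFAULT]' 'destemail = admin@example.org' \
    'sender = fail2ban@example.org' 'mta = sendmail' 'action = %(action_mwl)s'; }
sample_silent() { printf '%s\n' '[DEFAULT]' 'destemail = admin@example.org' \
    '# sender = fail2ban@example.org' 'mta = sendmail' 'action = %(action_)s' \
    '[sshd]' 'action = %(action_mwl)s'; }

tmp=$(mktemp); sample_silent > "$tmp"
f2b_check_mail "$tmp" || echo "=> this config would ban without notifying anyone"
rm -f "$tmp"
```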
<h2>Manual Trigger Testing Method</h2>
<p>The most reliable way to test email functionality is by manually triggering fail2ban events:</p>
<pre><code># Restart fail2ban to trigger startup notification
sudo systemctl restart fail2ban
# Check mail logs for delivery attempts
sudo tail -f /var/log/mail.log
</code></pre>
<h2>Creating a Test Jail for Email Verification</h2>
<p>For more controlled testing, create a dedicated test jail:</p>
<pre><code>[test-email]
enabled = true
filter = test-email
logpath = /var/log/test-email.log
maxretry = 1
findtime = 60
bantime = 60
action = %(action_mwl)s
</code></pre>
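<p>Then create a matching filter in /etc/fail2ban/filter.d/test-email.conf:</p>
<pre><code>[INCLUDES]
before = common.conf
[Definition]
# fail2ban rejects a failregex without a <HOST> group, so the trigger line carries an address
failregex = ^.*Test email trigger from <HOST>.*$
ignoreregex =
</code></pre>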
<h2>Forcing Email Notification with fail2ban-client</h2>
<p>Use fail2ban-client to directly test email sending:</p>
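<pre><code># Replaces the actionban command of <actionname> in the running jail; it runs on the next ban.
# The API key lands in shell history and the process list, so use a throwaway test key.
sudo fail2ban-client set <jailname> action <actionname> actionban "curl -s --user \
'api:YOUR_MAILGUN_API_KEY' \
https://api.mailgun.net/v3/YOUR_DOMAIN/messages \
-F from='fail2ban <fail2ban@yourdomain.com>' \
-F to=admin@yourdomain.com \
-F subject='[fail2ban] TEST: Banned <ip>' \
-F text='Test email body'"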
</code></pre>
<h2>Debugging Email Delivery Issues</h2>
<p>If emails aren't received, check these critical points:</p>
<ul>
<li>Verify SMTP credentials in /etc/fail2ban/action.d/sendmail-*.conf</li>
<li>Test SMTP connectivity with telnet or swaks</li>
<li>Inspect fail2ban logs: sudo tail -f /var/log/fail2ban.log</li>
<li>Check mail queue: sudo mailq</li>
</ul>
<pre><code># Example SMTP test using telnet
telnet your.smtp.server 25
EHLO yourdomain.com
MAIL FROM: <fail2ban@yourdomain.com>
RCPT TO: <admin@yourdomain.com>
DATA
Subject: Test email

This is a test email.
.
QUIT
</code></pre>