[CentOS] Fail2ban mail failures ???

Sat Dec 27 09:24:19 UTC 2014
Александр Кириллов <nevis2us at infoline.su>

>> I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
>> alerts sent to root's mail to be rejected. Here's a clip from one of
>> the
>> error messages:
>> 
>> 
>>         Message 48:
>>         From MAILER-DAEMON at lion.protogeek.org  Sun Dec 21 03:09:20 
>> 2014
>>         Return-Path: <MAILER-DAEMON at lion.protogeek.org>
>>         Date: Sun, 21 Dec 2014 03:09:19 -0600
>>         From: Mail Delivery Subsystem
>> <MAILER-DAEMON at lion.protogeek.org>
>>         To: postmaster at lion.protogeek.org
>>         Content-Type: multipart/report; report-type=delivery-status;
>>         	boundary="sBL97EKS003880.1419152959/lion.protogeek.org"
>>         Subject: Postmaster notify: see transcript for details
>>         Auto-Submitted: auto-generated (postmaster-notification)
>>         Status: R
>> 
>>         Part 1:
>> 
>>         The original message was received at Tue, 16 Dec 2014 03:09:17
>>         -0600
>>         from localhost
>>         with id sBG97E83025627
>> 
>>            ----- The following addresses had permanent fatal errors
>>         -----
>>         <fail2ban at example.com>
>> 
>>            ----- Transcript of session follows -----
>>         <fail2ban at example.com>... Deferred: Connection timed out with
>>         example.com.
>>         Message could not be delivered for 5 days
>>         Message will be deleted from queue
>>         ..........
>> 
>> 
>> 
>> I used to get the messages that are now being deleted after five days.
>> Any suggestions?
> 
> Check your /etc/fail2ban/jail.local /etc/fail2ban/jail.conf.
> You have to provide valid email addresses for dest= and sender=
> parameters in sendmail-whois or mail-whois actions for enabled jails.
> os.org/mailman/listinfo/centos
> 
> 
> Александр Кириллов,
> 
> I should have made it clear that this is all on one machine. The
> jail.conf file is the default from the fail2ban package. It used to 
> work
> perfectly, but now has the mail problem. All I've had to do for years 
> is
> install the fail2ban package, start it, and make it autostart whenever 
> I
> reboot. Now it's misbehaving in a way that puzzles me.

Robert,

If you never changed fail2ban defaults you probably had email aliases 
defined somewhere in your configurations. Whatever you had it was 
incorrect and it's not worth the effort to figure out why it ever worked 
if at all. The "right" way is to use email addresses in (at least 
locally) routable domains.

Alexander