Fail2ban email via SMTP fails #78

Closed
altafkassam opened this issue Nov 6, 2023 · 7 comments

@altafkassam

I configured fail2ban to allow the sending of email as described in the Wiki; however, errors are displayed in the fail2ban.log. SMTP is set up correctly in .env as I get emails from my Bitwarden instance. Here's the error (gmail email removed):

```
2023-10-24 11:29:17,129 fail2ban.utils [1]: ERROR 79d8f4523290 -- exec: printf %b "Subject: [Fail2Ban] bitwarden-admin: started on vaultwarden.us-west1-c.c.main-depot-401221.internal
Date: LC_ALL=C date +"%a, %d %h %Y %T %z"
From: Fail2Ban -------@gmail.com
To: -----@gmail.com\n
Hi,\n
The jail bitwarden-admin has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f "-----@gmail.com" "------@gmail.com"
2023-10-24 11:29:17,129 fail2ban.utils [1]: ERROR 79d8f4523290 -- stderr: 'sendmail: Cannot open smtp.gmail.com:465'
2023-10-24 11:29:17,130 fail2ban.utils [1]: ERROR 79d8f4523290 -- returned 1
2023-10-24 11:29:17,130 fail2ban.actions [1]: ERROR Failed to start jail 'bitwarden-admin' action 'sendmail-whois-lines': Error starting action Jail('bitwarden-admin')/sendmail-whois-lines: 'Script error'
2023-10-24 11:29:27,160 fail2ban.utils [1]: ERROR 79d8f3dc84e0 -- exec: printf %b "Subject: [Fail2Ban] bitwarden: started on vaultwarden.us-west1-c.c.main-depot-401221.internal
Date: LC_ALL=C date +"%a, %d %h %Y %T %z"
From: Fail2Ban -----@gmail.com
To: -----@gmail.com\n
Hi,\n
The jail bitwarden has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f "-----@gmail.com" "-----@gmail.com"
2023-10-24 11:29:27,161 fail2ban.utils [1]: ERROR 79d8f3dc84e0 -- stderr: 'sendmail: Cannot open smtp.gmail.com:465'
2023-10-24 11:29:27,161 fail2ban.utils [1]: ERROR 79d8f3dc84e0 -- returned 1
2023-10-24 11:29:27,161 fail2ban.actions [1]: ERROR Failed to start jail 'bitwarden' action 'sendmail-whois-lines': Error starting action Jail('bitwarden')/sendmail-whois-lines: 'Script error'
```

I'm using the following SMTP configuration in .env (only displaying the most relevant parameters):

```
SMTP_PORT=465
SMTP_USERNAME=-----@gmail.com
SMTP_PASSWORD=--------------
SMTP_SECURITY=force_tls
# For fail2ban, YES or NO
SMTP_TLS=YES
```

@asardaes
Contributor

asardaes commented Nov 6, 2023

The docker-compose.yml entry for fail2ban has hard-coded SSMTP_STARTTLS=YES in its environment; that might have to be NO in your case, but I'm not sure.

@dadatuputi
Owner

@altafkassam Can you try setting SMTP_TLS=NO? Do your other emails (with the same settings/server) work, such as backup?

@dadatuputi
Owner

I see now an issue, fixed in #79. Not really a fix for you @altafkassam, but might make it easier to understand the SMTP settings.

@altafkassam
Author

Setting SMTP_TLS=NO did not resolve my issue. I get the same type of error after modifying .env and running docker-compose up:

```
2023-11-07 08:56:27,463 fail2ban.utils [1]: ERROR 7e43b016c4e0 -- stderr: 'sendmail: Cannot open smtp.gmail.com:465'
2023-11-07 08:56:27,463 fail2ban.utils [1]: ERROR 7e43b016c4e0 -- returned 1
2023-11-07 08:56:27,463 fail2ban.actions [1]: ERROR Failed to start jail 'bitwarden' action 'sendmail-whois-lines': Error starting action Jail('bitwarden')/sendmail-whois-lines: 'Script error'
```

@altafkassam
Author

altafkassam commented Nov 7, 2023

I tried changing the SMTP port to 587 and leaving SMTP_TLS=YES and got fail2ban to send me emails. However, now Bitwarden throws the following error when it attempts to send email:

```
[2023-11-07 10:00:48.610][vaultwarden::mail][ERROR] SMTP error: Connection error: Connection error: error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
[2023-11-07 10:00:48.615][vaultwarden::api::identity][ERROR] Error sending new device email: SMTP error: Connection error: Connection error: error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
```

My .env config is:

```
SMTP_HOST=smtp.gmail.com
SMTP_FROM=------@gmail.com
SMTP_FROM_NAME=BitWarden_Local
SMTP_PORT=587
SMTP_USERNAME=-----@gmail.com
SMTP_PASSWORD=**********
SMTP_SECURITY=force_tls
# For fail2ban, YES or NO
SMTP_TLS=YES
```

@altafkassam
Author

altafkassam commented Nov 7, 2023

I solved the issue. If you set BitWarden SMTP settings using the guidance in https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration and select SMTP_PORT=465 and SMTP_SECURITY=force_tls, fail2ban will fail to send emails whether you set SMTP_TLS=YES or SMTP_TLS=NO.

My solution was to configure SMTP via Google/Gmail like this:

```
SMTP_HOST=smtp.gmail.com
SMTP_FROM=<mail-address>
SMTP_FROM_NAME=BitWarden_Local
SMTP_PORT=587
SMTP_USERNAME=<mail-address>
SMTP_PASSWORD=<less-secure-app-password>
SMTP_SECURITY=starttls
# For fail2ban, YES or NO
SMTP_TLS=YES
```

@dadatuputi
Owner

As I understand it, force_tls can be more secure than starttls, maybe that's why they recommend it? But my SMTP provider didn't like force_tls. The SMTP_STARTTLS was pulled out of docker-compose.yml, where it never should have been, and put in .env.template. If you git pull and get a new docker-compose.yml from the repo, you might need to update your .env from the current .env.template.

Regardless, I'm glad to hear it's working.
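
The port and security pairings tried in this thread can be checked before restarting the containers. The following is an added example, not part of the original thread or the project's code; `check_smtp_env` and its `fail2ban_uses_starttls` parameter are hypothetical names, and it assumes the fail2ban container's sendmail always negotiates STARTTLS, as the hard-coded `SSMTP_STARTTLS=YES` mentioned above suggests.

```python
# Added example: consistency check for the SMTP settings discussed in this thread.
# Assumption: the fail2ban side always uses STARTTLS, so it needs a STARTTLS port.

IMPLICIT_TLS_PORTS = {465}   # TLS handshake starts immediately (SMTPS)
STARTTLS_PORTS = {25, 587}   # plaintext greeting first, then upgrade via STARTTLS


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"\'')
    return env


def check_smtp_env(text, fail2ban_uses_starttls=True):
    """Return a list of (component, problem) tuples for mismatched settings."""
    env = parse_env(text)
    findings = []
    try:
        port = int(env.get("SMTP_PORT", ""))
    except ValueError:
        return [("config", "SMTP_PORT missing or not a number")]
    security = env.get("SMTP_SECURITY", "").lower()

    if security == "off":
        findings.append(("vaultwarden", "SMTP_SECURITY=off sends credentials in cleartext"))
    elif security == "force_tls" and port in STARTTLS_PORTS:
        findings.append(("vaultwarden", f"force_tls on STARTTLS port {port}: expect 'wrong version number'"))
    elif security == "starttls" and port in IMPLICIT_TLS_PORTS:
        findings.append(("vaultwarden", f"starttls on implicit-TLS port {port}: no plaintext greeting to upgrade"))

    if fail2ban_uses_starttls and port in IMPLICIT_TLS_PORTS:
        findings.append(("fail2ban", f"STARTTLS client cannot open implicit-TLS port {port}"))
    return findings


# Constructed samples mirroring the three configurations posted in the thread.
PORT_465_FORCE_TLS = "SMTP_PORT=465\nSMTP_SECURITY=force_tls\nSMTP_TLS=YES\n"
PORT_587_FORCE_TLS = "SMTP_PORT=587\nSMTP_SECURITY=force_tls\n# For fail2ban, YES or NO\nSMTP_TLS=YES\n"
PORT_587_STARTTLS = "SMTP_PORT=587\nSMTP_SECURITY=starttls\nSMTP_TLS=YES\n"

if __name__ == "__main__":
    for name in ("PORT_465_FORCE_TLS", "PORT_587_FORCE_TLS", "PORT_587_STARTTLS"):
        print(name, check_smtp_env(globals()[name]))
```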

This issue was closed.