-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fail2ban email via SMTP fails #78
Comments
The |
@altafkassam Can you try setting |
I see now an issue, fixed in #79. Not really a fix for you @altafkassam, but might make it easier to understand the SMTP settings. |
Setting SMTP_TLS=NO did not resolve my issue. I get the same type of error after modifying .env and running docker-compose up: 2023-11-07 08:56:27,463 fail2ban.utils [1]: ERROR 7e43b016c4e0 -- stderr: 'sendmail: Cannot open smtp.gmail.com:465' |
I tried changing the SMTP port to 587 and leaving SMTP_TLS=YES and got fail2ban to send me emails. However, now bit warden throws the following error when it attempts to send email: [2023-11-07 10:00:48.610][vaultwarden::mail][ERROR] SMTP error: Connection error: Connection error: error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354: my .env config is: SMTP_HOST=smtp.gmail.com |
I solved the issue. If you set BitWarden SMTP settings using the guidance in https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration and select SMTP_PORT=465 and SMTP_SECURITY=force_tls, fail2ban will fail to send emails whether you set SMTP_TLS=YES or SMTP_TLS=NO My solution was to configure SMTP via Google/Gmail like this: |
As I understand it, force_tls can be more secure than starttls, maybe that's why they recommend it? But my SMTP provider didn't like force_tls. The Regardless, I'm glad to hear it's working. |
I configured fail2ban to allow the sending of email as described in Wiki, however, errors are displayed in the fail2ban.log. SMTP is set up correctly in .env as I get emails from my Bitwarden instance. Here's the error (gmail email removed):
2023-10-24 11:29:17,129 fail2ban.utils [1]: ERROR 79d8f4523290 -- exec: printf %b "Subject: [Fail2Ban] bitwarden-admin: started on vaultwarden.us-west1-c.c.main-depot-401221.internal
Date:
LC_ALL=C date +"%a, %d %h %Y %T %z"
From: Fail2Ban -------@gmail.com
To: -----@gmail.com\n
Hi,\n
The jail bitwarden-admin has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f "-----@gmail.com" "------@gmail.com"
2023-10-24 11:29:17,129 fail2ban.utils [1]: ERROR 79d8f4523290 -- stderr: 'sendmail: Cannot open smtp.gmail.com:465'
2023-10-24 11:29:17,130 fail2ban.utils [1]: ERROR 79d8f4523290 -- returned 1
2023-10-24 11:29:17,130 fail2ban.actions [1]: ERROR Failed to start jail 'bitwarden-admin' action 'sendmail-whois-lines': Error starting action Jail('bitwarden-admin')/sendmail-whois-lines: 'Script error'
2023-10-24 11:29:27,160 fail2ban.utils [1]: ERROR 79d8f3dc84e0 -- exec: printf %b "Subject: [Fail2Ban] bitwarden: started on vaultwarden.us-west1-c.c.main-depot-401221.internal
Date:
LC_ALL=C date +"%a, %d %h %Y %T %z"
From: Fail2Ban -----@gmail.com
To: -----@gmail.com\n
Hi,\n
The jail bitwarden has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f "-----@gmail.com" "-----@gmail.com"
2023-10-24 11:29:27,161 fail2ban.utils [1]: ERROR 79d8f3dc84e0 -- stderr: 'sendmail: Cannot open smtp.gmail.com:465'
2023-10-24 11:29:27,161 fail2ban.utils [1]: ERROR 79d8f3dc84e0 -- returned 1
2023-10-24 11:29:27,161 fail2ban.actions [1]: ERROR Failed to start jail 'bitwarden' action 'sendmail-whois-lines': Error starting action Jail('bitwarden')/sendmail-whois-lines: 'Script error'
I'm using the following SMTP configuration in .env (only displaying the most relevant parameters:
SMTP_PORT=465
SMTP_USERNAME=-----@gmail.com
SMTP_PASSWORD=--------------
SMTP_SECURITY=force_tls
For fail2ban, YES or NO
SMTP_TLS=YES
The text was updated successfully, but these errors were encountered: