Fail2ban emails banned on "localhost"

bksales · December 10, 2019, 9:36pm

I have one stubborn PBX that keeps saying this and I don’t know why.

The notifications settings and hostname are set in Sysadmin, I dug through the Advanced Settings to make sure I’m not missing anything there, and the from string is correct. I found some other threads referencing the various files in /etc/fail2ban but I cant find anything there mentioning localhost. I restarted postfix, asterisk, the firewall, and even the entire PBX with no change. I assume this is some simple setting somewhere that got changed but I need some help here.

Thanks.

FreePBX 14.0.13.12

PitzKey · December 11, 2019, 11:40am

We usually don’t have fail2ban emails enabled, but we received an email yesterday from one of our FreePBX 14 servers, and it did include the correct hostname.

bksales · December 12, 2019, 1:12am

Interesting. The fail2ban emails behave differently for SIP vs SSH (correct hostname covered in the second email).

PitzKey · December 12, 2019, 11:40pm

I’d recommend to not have SSH open publicly, even with fail2ban in place.

bksales · December 14, 2019, 12:22am

I think that’s a result of having the responsive firewall on. The SSH service is set to only allow people listed in the networks page.

system · December 21, 2019, 12:22am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.