Fail2ban emails

I keep getting emails from fail2ban. I thought I was set as the administrator but it must be going to another address. Does this mean someone is attempting to hack my system?

I would appreciate any help and advice so I do not get hacked and may continue to have a safe, secure system.

Delivery to the following recipient failed permanently:

[email protected]

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain yourpbx.com by smtp.secureserver.net. [72.167.238.201].

The error that the other server returned was:
550 #5.1.0 Address rejected.

----- Original message -----

X-Received: by 10.236.32.3 with SMTP id n3mr3252996yha.25.1379630831321;
Thu, 19 Sep 2013 15:47:11 -0700 (PDT)
Return-Path: [email protected]
Received: from localhost.localdomain
by mx.google.com with ESMTPSA id 9sm14068644yhe.21.1969.12.31.16.00.00
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Thu, 19 Sep 2013 15:47:09 -0700 (PDT)
Received: by localhost.localdomain (Postfix, from userid 0)
id 93CD53800E2; Thu, 19 Sep 2013 18:47:06 -0400 (EDT)
Subject: [Fail2Ban] SIP: banned 142.54.168.146
From: Fail2Ban [email protected]
To: [email protected]
Message-Id: [email protected]
Date: Thu, 19 Sep 2013 18:47:06 -0400 (EDT)

Hi,

The IP 142.54.168.146 has just been banned by Fail2Ban after
5 attempts against SIP.

Here are more information about 142.54.168.146:

[Querying whois.arin.net]
[whois.arin.net]

You need to set up your postfix, you seem to be relaying through google, but you probably can’t send email from them to

"[email protected]"

Might not be a bad idea to see if fail2ban is being triggered, besides fixing up your mail transport

#iptables -L -vn

or

#fail2ban-client status
e.g.

#fail2ban-client status asterisk-iptables

I am a novice at this so please be patient. I purchased the sysadmin pro module to assist me with the email, and yes, I could only get my google.mail account to be the one to send me emails. I can’t seem to get my existing mail server or the internal one of freepbx to send me mail using the account information I set up for my mail server. So helping me with the configuration would be great, e.g. where to go and what to set.

Sanjay: I can do what you ask but I am not sure what the reports will tell me, probably that someone is trying to access my server but not using the right information. What do those commands do and how should I use them?

Thank you for the assistance.

Table results below:

[[email protected] ~]# iptables -L -vn
Chain INPUT (policy ACCEPT 907K packets, 230M bytes)
pkts bytes target prot opt in out source destination
0 0 fail2ban-FTP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
1077K 378M fail2ban-PBX-GUI tcp -- * * 0.0.0.0/0 0.0.0.0/0
3954K 1089M fail2ban-SIP all -- * * 0.0.0.0/0 0.0.0.0/0
9986 1360K fail2ban-BadBots tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
171 13605 fail2ban-SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 736K packets, 196M bytes)
pkts bytes target prot opt in out source destination

Chain fail2ban-BadBots (1 references)
pkts bytes target prot opt in out source destination
9986 1360K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-FTP (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-PBX-GUI (1 references)
pkts bytes target prot opt in out source destination
1077K 378M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SIP (1 references)
pkts bytes target prot opt in out source destination
3952K 1088M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SSH (1 references)
pkts bytes target prot opt in out source destination
171 13605 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

[[email protected] ~]# fail2ban-client status
Status
|- Number of jail: 5
`- Jail list: apache-badbots, apache-tcpwrapper, ssh-iptables, asterisk-iptables, vsftpd-iptables

[[email protected] ~]# fail2ban-client status asterisk-iptables
Status for the jail: asterisk-iptables
|- filter
|  |- File list: /var/log/asterisk/fail2ban
|  |- Currently failed: 0
|  `- Total failed: 339
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned: 45

How do I know if it's being triggered? How would you configure correctly?
Thank you for your assistance.

bump

Are there any ideas or information for me on how to eliminate this error and get this sent to the proper email address?

Hmm, looks like you do have some banned but they are not appearing in iptables -L -vn…

Strange.

As for email, can you send email out using the CLI? Forget fail2ban first…

Fail2ban logs its output to /var/log/fail2ban.

Restarting fail2ban resets the iptable chains it builds.

The email used is set up in

/etc/fail2ban/jail.conf

An excerpt:

# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = [email protected]

I checked this and I don't know the IP 64.251… trying to access here, but since it was less than 8 I didn’t receive any notice. Any advice for me, or is it normal for people to try to access?

[2013-09-30 03:41:02] Asterisk 11.5.1 built by root @ jenkins-el6-32.schmoozecom.net on a i686 running Linux on 2013-09-19 14:01:43 UTC
[2013-09-30 12:00:57] NOTICE[663] chan_sip.c: Registration from ‘“1” sip:[email protected]:5060’ failed for ‘64.251.13.24:5065’ - Wrong password
[2013-09-30 12:01:14] NOTICE[663] chan_sip.c: Registration from ‘“2” sip:[email protected]:5060’ failed for ‘64.251.13.24:5071’ - Wrong password
[2013-09-30 12:01:26] NOTICE[663] chan_sip.c: Registration from ‘“3” sip:[email protected]:5060’ failed for ‘64.251.13.24:5065’ - Wrong password
[2013-09-30 12:01:44] NOTICE[663] chan_sip.c: Registration from ‘“4” sip:[email protected]:5060’ failed for ‘64.251.13.24:5070’ - Wrong password
[2013-09-30 12:01:49] NOTICE[663] chan_sip.c: Registration from ‘“5” sip:[email protected]:5060’ failed for ‘64.251.13.24:5061’ - Wrong password
[2013-09-30 12:07:22] Asterisk 11.5.1 built by root @ jenkins-el6-32.schmoozecom.net on a i686 running Linux on 2013-09-19 14:01:43 UTC
[2013-09-30 12:07:22] NOTICE[12790] confbridge/conf_config_parser.c: Adding default_bridge profile to app_confbridge
[2013-09-30 12:07:22] NOTICE[12790] confbridge/conf_config_parser.c: Adding default_user profile to app_confbridge
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: Connecting asteriskcdrdb
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: res_odbc: Connected to asteriskcdrdb [MySQL-asteriskcdrdb]
[2013-09-30 12:07:22] NOTICE[12790] iax2-provision.c: No IAX provisioning configuration found, IAX provisioning disabled.
[2013-09-30 12:07:22] NOTICE[665] chan_mgcp.c: Unable to load config mgcp.conf, MGCP disabled
[2013-09-30 12:07:22] NOTICE[12790] res_config_ldap.c: Cannot reload LDAP RealTime driver.
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: Connecting asteriskcdrdb
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: res_odbc: Connected to asteriskcdrdb [MySQL-asteriskcdrdb]
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: Registered ODBC class ‘asteriskcdrdb’ dsn->[MySQL-asteriskcdrdb]

How do you send email out using the CLI? I thought sysadminpro was going to change or allow me to set up email easily from my GUI without having to make command line changes. Perhaps that is not correct. I would like to try and properly use email, and have the proper accounts so I can track messages sent out. Any assistance would be appreciated as I am a novice. I really like this system and would like to push it to clients, etc., great possibilities.

On my FreePBX system I found the email settings for Fail2Ban in /etc/fail2ban/jail.local
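
The counting that decides whether failed registrations like those in the Asterisk log quoted earlier in the thread lead to a ban, as an added example (not part of the original thread and not fail2ban's own code). The regex is a simplified stand-in for the shipped asterisk filter, the log lines are constructed with placeholder addresses, and the `maxretry` and `findtime` values passed in are assumptions; the real ones are set in jail.conf or jail.local.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the chan_sip log format quoted in the thread.
# Hosts and addresses are placeholders (documentation ranges), not thread data.
SAMPLE_LOG = """\
[2013-09-30 12:00:57] NOTICE[663] chan_sip.c: Registration from '"1" <sip:1@pbx.example:5060>' failed for '198.51.100.7:5065' - Wrong password
[2013-09-30 12:01:14] NOTICE[663] chan_sip.c: Registration from '"2" <sip:2@pbx.example:5060>' failed for '198.51.100.7:5071' - Wrong password
[2013-09-30 12:01:26] NOTICE[663] chan_sip.c: Registration from ‘"3" <sip:3@pbx.example:5060>’ failed for ‘198.51.100.7:5065’ - Wrong password
[2013-09-30 12:01:44] NOTICE[663] chan_sip.c: Registration from '"4" <sip:4@pbx.example:5060>' failed for '198.51.100.7:5070' - Wrong password
[2013-09-30 12:01:49] NOTICE[663] chan_sip.c: Registration from '"5" <sip:5@pbx.example:5060>' failed for '198.51.100.7:5061' - Wrong password
[2013-09-30 12:07:22] NOTICE[12790] res_odbc.c: Connecting asteriskcdrdb
[2013-09-30 12:30:00] NOTICE[663] chan_sip.c: Registration from '"9" <sip:9@pbx.example:5060>' failed for '203.0.113.9:5060' - Wrong password
"""

# Greedy ".*" plus the end anchor means the address is taken from the tail of
# the line, which Asterisk writes, not from the caller-supplied From field.
# Both straight and typographic quotes are accepted (forum-pasted logs).
FAILED_REG = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from .* failed for ['‘’](?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?::\d+)?['‘’] - (?P<reason>.+)$"
)

def failures(log_text):
    """Yield (timestamp, ip, reason) for each failed SIP registration line."""
    for line in log_text.splitlines():
        m = FAILED_REG.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"], m["reason"]

def would_ban(log_text, maxretry, findtime_s):
    """Return {ip: timestamp at which maxretry failures fell inside findtime}."""
    window = defaultdict(deque)
    bans = {}
    for ts, ip, _reason in failures(log_text):
        if ip in bans:
            continue  # already banned; later failures add nothing
        recent = window[ip]
        recent.append(ts)
        # Drop failures that have aged out of the findtime window.
        while ts - recent[0] > timedelta(seconds=findtime_s):
            recent.popleft()
        if len(recent) >= maxretry:
            bans[ip] = ts
    return bans
```

With a threshold of 5 the fifth failure produces a ban, while the same five lines under a threshold of 8 produce none, so no notification is sent.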