On checking my logwatch this morning I noticed it’s full of bounce back relay issues for emails being sent to the following email addresses:
Where are these being generated from as I would like to stop them (or change the email address)
Hmm not sure why our email is there. We should not be getting emails on your fail2ban issues.
Go into sysadmin under intrusion detection and update the email where to send the fail2ban notices to.
I am rolling a new RPM to remove that email from the RPM. Not sure how it got in their in the first place but that email address is not valid.
I eventually found reference to them both in the fail2ban conf file. Once I set the ‘to and from’ email addresses in the system admin they got replaced.