@r15ch13
Last active November 1, 2018 19:18
Fail2Ban Mailgun MTA Actions

Mailgun MTA for Fail2Ban

Drop-in replacement for the Fail2Ban sendmail MTA actions.

Installation

  1. Copy all *.conf files to /etc/fail2ban/action.d.

  2. Create /etc/fail2ban/action.d/mailgun-common.local with the following content:

    [Init]
    # Mailgun API key. This value is a secret: keep this file readable only
    # by the account Fail2Ban runs as (for example mode 0600) and keep it out
    # of version control and backups that others can read.
    #
    apikey = YOUR_API_KEY
    
    # Local part of the sender address (<sendername> <sender>@<domain>)
    #
    sender = fail2ban
    
    # Sender domain (<sendername> <sender>@<domain>); also used in the
    # Mailgun API URL of the common action file.
    #
    domain = YOUR_DOMAIN_NAME
    
    # Sender display name (<sendername> <sender>@<domain>)
    #
    sendername = Fail2Ban
    
    # Mailgun test mode; the value is passed as the o:testmode form field.
    #
    testmode = False
    
  3. Set mta to mailgun in your jail.local

  4. Reload fail2ban (fail2ban-client reload)

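# Fail2Ban configuration file
#
# Author: Richard Kuhnt
#
# Common settings for mailgun actions
# Users can override the defaults in mailgun-common.local
#
# Review notes:
# - Continuation lines of a multi-line value must be indented, otherwise
#   the config reader does not attach them to the option.
# - Form fields are passed with --form-string so curl sends them literally.
#   With -F, curl treats a leading '@' or '<' as "read a file" and ';' as
#   the start of its own ;type=/;filename= parameters, which would cut or
#   misread mail text that contains those characters.
# - apikey is a secret and is interpolated into the curl command line; see
#   the note on the mailgun option below.

[INCLUDES]

after = mailgun-common.local

[Definition]

# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = <mailgun> --form-string subject="[Fail2Ban] <name>: started on `uname -n`" --form-string html="
              <html><head><title>[Fail2Ban] <name>: started on `uname -n`</title></head><body>
              <p>Hi,</p>
              <p>The jail <name> has been started successfully.</p>
              <p>Regards,<br/>Fail2Ban</p>
              </body></html>"

# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = <mailgun> --form-string subject="[Fail2Ban] <name>: stopped on `uname -n`" --form-string html="
             <html><head><title>[Fail2Ban] <name>: stopped on `uname -n`</title></head><body>
             <p>Hi,</p>
             <p>The jail <name> has been stopped.</p>
             <p>Regards,<br/>Fail2Ban</p>
             </body></html>"

# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Left empty here; the including action files define it.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban =

# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =

[Init]

# Recipient mail address
#
dest = root

# Mailgun API Key
# Placeholder only. Set the real key in mailgun-common.local and keep that
# file readable only by the account Fail2Ban runs as.
#
apikey = YOUR_API_KEY

# Sender name (<sendername> <sender>@<domain>)
#
sender = fail2ban

# Sender domain (<sendername> <sender>@<domain>)
#
domain = YOUR_DOMAIN_NAME

# Sender display name (<sendername> <sender>@<domain>)
#
sendername = Fail2Ban

# Mailgun testmode
#
testmode = False

# Mailgun command
# Prefix shared by every action: endpoint, credentials, sender, recipient
# and test mode. Each action appends its own subject and html fields.
# NOTE(review): the API key is part of the command line, so it may be
# visible in the process list to other local users while curl runs.
# Consider moving the credentials into a curl config file that only the
# Fail2Ban account can read and passing it with --config.
# NOTE(review): -s hides curl's error output and curl exits 0 on an HTTP
# error response unless --fail is given, so a rejected API call (bad key,
# wrong domain) is not reported back to Fail2Ban.
#
mailgun = curl -s --user 'api:<apikey>' https://api.mailgun.net/v3/<domain>/messages --form-string from='<sendername> <<sender>@<domain>>' --form-string to='<dest>' --form-string o:testmode=<testmode>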
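# Fail2Ban configuration file
#
# Author: Richard Kuhnt
#
# Ban notification through Mailgun with whois data and the log lines
# matched for the banned IP in this jail (<ipjailmatches>).
#
# Review notes:
# - Continuation lines of the multi-line value are indented so the config
#   reader attaches them to actionban.
# - --form-string makes curl send the fields literally; with -F a ';' or a
#   leading '@'/'<' in the text would be read as curl form syntax.
# - The whois output and the matched log lines are written by remote
#   parties and are placed in the HTML body unescaped. Treat the mail as
#   untrusted HTML. NOTE(review): Mailgun's text field would avoid HTML
#   interpretation of that content.
# - Matched log lines leave the host through a third-party mail API and
#   may contain user names or other sensitive data.

[INCLUDES]

before = mailgun-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = <mailgun> --form-string subject="[Fail2Ban] <name>: banned <ip> from `uname -n`" --form-string html="
            <html><head><title>[Fail2Ban] <name>: banned <ip> from `uname -n`</title></head><body>
            <p>Hi,</p>
            <p>The IP <ip> has just been banned by Fail2Ban after</p>
            <p><failures> attempts against <name>.</p>
            <p>Here is more information about <ip> :</p>
            <p><pre>`/usr/bin/whois <ip> || echo missing whois program`</pre></p>
            <p>Matches for <name> with <ipjailfailures> failures IP:<ip></p>
            <p><pre><ipjailmatches></pre></p>
            <p>Regards,<br/>Fail2Ban</p>
            </body></html>"

[Init]

# Default for <name>, which appears in the subject and body above
#
name = default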
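# Fail2Ban configuration file
#
# Author: Richard Kuhnt
#
# Ban notification through Mailgun with whois data and the log lines
# matched for the banned IP (<ipmatches>).
#
# Review notes:
# - Continuation lines of the multi-line value are indented so the config
#   reader attaches them to actionban.
# - --form-string makes curl send the fields literally; with -F a ';' or a
#   leading '@'/'<' in the text would be read as curl form syntax.
# - The whois output and the matched log lines are written by remote
#   parties and are placed in the HTML body unescaped. Treat the mail as
#   untrusted HTML. NOTE(review): Mailgun's text field would avoid HTML
#   interpretation of that content.
# - Matched log lines leave the host through a third-party mail API and
#   may contain user names or other sensitive data.

[INCLUDES]

before = mailgun-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = <mailgun> --form-string subject="[Fail2Ban] <name>: banned <ip> from `uname -n`" --form-string html="
            <html><head><title>[Fail2Ban] <name>: banned <ip> from `uname -n`</title></head><body>
            <p>Hi,</p>
            <p>The IP <ip> has just been banned by Fail2Ban after</p>
            <p><failures> attempts against <name>.</p>
            <p>Here is more information about <ip> :</p>
            <p><pre>`/usr/bin/whois <ip> || echo missing whois program`</pre></p>
            <p>Matches with <ipfailures> failures IP:<ip></p>
            <p><pre><ipmatches></pre></p>
            <p>Regards,<br/>Fail2Ban</p>
            </body></html>"

[Init]

# Default for <name>, which appears in the subject and body above
#
name = default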
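# Fail2Ban configuration file
#
# Author: Richard Kuhnt
#
# Ban notification through Mailgun with whois data and the lines of
# <logpath> that contain the banned IP (selected with grep).
#
# Review notes:
# - Continuation lines of the multi-line value are indented so the config
#   reader attaches them to actionban.
# - --form-string makes curl send the fields literally; with -F a ';' or a
#   leading '@'/'<' in the text would be read as curl form syntax.
# - The whois output and the grep output are written by remote parties
#   and are placed in the HTML body unescaped. Treat the mail as untrusted
#   HTML. NOTE(review): Mailgun's text field would avoid HTML
#   interpretation of that content.
# - Log excerpts leave the host through a third-party mail API and may
#   contain user names or other sensitive data; grepopts bounds how many
#   lines are sent.
# - The dots of <ip> are regex wildcards in the grep pattern, so a few
#   unrelated lines can match as well.

[INCLUDES]

before = mailgun-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = <mailgun> --form-string subject="[Fail2Ban] <name>: banned <ip> from `uname -n`" --form-string html="
            <html><head><title>[Fail2Ban] <name>: banned <ip> from `uname -n`</title></head><body>
            <p>Hi,</p>
            <p>The IP <ip> has just been banned by Fail2Ban after</p>
            <p><failures> attempts against <name>.</p>
            <p>Here is more information about <ip> :</p>
            <p><pre>`/usr/bin/whois <ip> || echo missing whois program`</pre></p>
            <p>Lines containing IP:<ip> in <logpath></p>
            <p><pre>`grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`</pre></p>
            <p>Regards,<br/>Fail2Ban</p>
            </body></html>"

[Init]

# Default for <name>, which appears in the subject and body above
#
name = default

# Path to the log files which contain relevant lines for the abuser IP
# The default /dev/null yields no lines until logpath is overridden.
#
logpath = /dev/null

# Options passed to grep; -m caps the number of matching lines that are
# included in the email
#
grepopts = -m 1000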
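# Fail2Ban configuration file
#
# Author: Richard Kuhnt
#
# Ban notification through Mailgun with whois data and the log lines that
# triggered the ban (<matches>).
#
# Review notes:
# - Continuation lines of the multi-line value are indented so the config
#   reader attaches them to actionban.
# - --form-string makes curl send the fields literally; with -F a ';' or a
#   leading '@'/'<' in the text would be read as curl form syntax.
# - The whois output and the matched log lines are written by remote
#   parties and are placed in the HTML body unescaped. Treat the mail as
#   untrusted HTML. NOTE(review): Mailgun's text field would avoid HTML
#   interpretation of that content.
# - Matched log lines leave the host through a third-party mail API and
#   may contain user names or other sensitive data.

[INCLUDES]

before = mailgun-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = <mailgun> --form-string subject="[Fail2Ban] <name>: banned <ip> from `uname -n`" --form-string html="
            <html><head><title>[Fail2Ban] <name>: banned <ip> from `uname -n`</title></head><body>
            <p>Hi,</p>
            <p>The IP <ip> has just been banned by Fail2Ban after</p>
            <p><failures> attempts against <name>.</p>
            <p>Here is more information about <ip> :</p>
            <p><pre>`/usr/bin/whois <ip> || echo missing whois program`</pre></p>
            <p>Matches:</p>
            <p><pre><matches></pre></p>
            <p>Regards,<br/>Fail2Ban</p>
            </body></html>"

[Init]

# Default for <name>, which appears in the subject and body above
#
name = default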
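# Fail2Ban configuration file
#
# Author: Richard Kuhnt
#
# Ban notification through Mailgun with whois data for the banned IP.
#
# Review notes:
# - Continuation lines of the multi-line value are indented so the config
#   reader attaches them to actionban.
# - --form-string makes curl send the fields literally; with -F a ';' or a
#   leading '@'/'<' in the text would be read as curl form syntax.
# - The whois output is controlled by whoever registered the address
#   range and is placed in the HTML body unescaped. Treat the mail as
#   untrusted HTML. NOTE(review): Mailgun's text field would avoid HTML
#   interpretation of that content.

[INCLUDES]

before = mailgun-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = <mailgun> --form-string subject="[Fail2Ban] <name>: banned <ip> from `uname -n`" --form-string html="
            <html><head><title>[Fail2Ban] <name>: banned <ip> from `uname -n`</title></head><body>
            <p>Hi,</p>
            <p>The IP <ip> has just been banned by Fail2Ban after</p>
            <p><failures> attempts against <name>.</p>
            <p>Here is more information about <ip> :</p>
            <p><pre>`/usr/bin/whois <ip> || echo missing whois program`</pre></p>
            <p>Regards,<br/>Fail2Ban</p>
            </body></html>"

[Init]

# Default for <name>, which appears in the subject and body above
#
name = default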
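# Fail2Ban configuration file
#
# Author: Richard Kuhnt
#
# Plain ban notification through Mailgun: jail name, banned IP and failure
# count only, with no whois lookup and no log excerpt.
#
# Review notes:
# - Continuation lines of the multi-line value are indented so the config
#   reader attaches them to actionban.
# - --form-string makes curl send the fields literally; with -F a ';' or a
#   leading '@'/'<' in the text would be read as curl form syntax.

[INCLUDES]

before = mailgun-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = <mailgun> --form-string subject="[Fail2Ban] <name>: banned <ip> from `uname -n`" --form-string html="
            <html><head><title>[Fail2Ban] <name>: banned <ip> from `uname -n`</title></head><body>
            <p>Hi,</p>
            <p>The IP <ip> has just been banned by Fail2Ban after</p>
            <p><failures> attempts against <name>.</p>
            <p>Regards,<br/>Fail2Ban</p>
            </body></html>"

[Init]

# Default for <name>, which appears in the subject and body above
#
name = default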