
Author Topic: Disable repeated fail2ban notifications  (Read 4841 times)


aneeshs

  • Guest
Disable repeated fail2ban notifications
« on: November 18, 2017, 09:33:22 pm »
Fail2Ban bans an offending IP address after a certain number of unauthorized login attempts to the server. By default, each time a ban takes place, a notification email is sent to the root email address, for example:
“The IP 123.075.xxx.xxx has just been banned by Fail2Ban ...”

To disable the repeated fail2ban notifications, follow the steps below:

1. Check the fail2ban status
   # service fail2ban status
   fail2ban-server (pid  31196) is running...
   Status
   |- Number of jail:   1
   `- Jail list:   ssh-iptables
Only 1 jail is currently configured by Fail2ban.

2. Edit /etc/fail2ban/jail.conf
   # vim /etc/fail2ban/jail.conf

Navigate to the section [ssh-iptables]. You may find lines like:
   enabled  = true
   filter   = sshd
   action   = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
   logpath  = /var/log/secure
   maxretry = 5

Remove “sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]” and the customer will stop receiving the system-generated emails from fail2ban@example.com at the root email address.

Do this for all the jail entries and the notifications will be disabled once and for all.

:)
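
The "do this for all the jail entries" step, as an added example that is not part of the original post: a shell function (strip_mail_actions, a hypothetical name) that filters a jail file and drops every sendmail-* entry from each action setting while keeping the ban action. The sample input is constructed, and the function assumes the action key starts at column 0 with indented continuation lines.

```shell
#!/bin/sh
# Added example: remove sendmail-* entries from every "action =" setting.
# Reads a jail file on stdin, writes the filtered file to stdout.
strip_mail_actions() {
    awk '
    # Re-emit the kept actions: first on the key line, the rest indented.
    function emit_actions(   i, prefix) {
        for (i = 1; i <= n; i++) {
            prefix = (i == 1) ? key : "           "
            print prefix entries[i]
        }
        n = 0; in_action = 0
    }
    /^action[ \t]*=/ {                 # start of an action setting
        if (in_action) emit_actions()
        in_action = 1; n = 0
        key = $0;   sub(/=.*/, "= ", key)
        entry = $0; sub(/^[^=]*=[ \t]*/, "", entry)
        if (entry != "" && entry !~ /^sendmail/) entries[++n] = entry
        next
    }
    in_action && /^[ \t]+[^ \t#]/ {    # indented continuation line
        entry = $0; sub(/^[ \t]+/, "", entry)
        if (entry !~ /^sendmail/) entries[++n] = entry
        next
    }
    in_action { emit_actions() }       # any other line ends the setting
    { print }
    END { if (in_action) emit_actions() }
    # Note: if a jail listed only mail actions, its action line disappears
    # and the jail falls back to the [DEFAULT] action.
    '
}

# Constructed sample input (not a real server configuration).
sample_jail() {
cat <<'EOF'
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/secure
maxretry = 5
EOF
}

sample_jail | strip_mail_actions
```

Run it against a copy of the file, compare the result with the original using diff, and only then install it. fail2ban reads its configuration at startup, so restart the service (service fail2ban restart) for the change to take effect.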