[Pkg-exim4-users] Exim not playing with Fail2Ban on Debian Wheezy i386

Sat Jun 7 18:55:49 UTC 2014

I am much more familiar with Postfix, so please forgive me if I have
done something really silly.

I have a server with, amongst other things, exim4, logwatch and
fail2ban on it. The latter two are the only things that send mail and
nothing receives any. Because of this, I went for the simplest
'connected all the time' setup I could find in the documentation:

# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='internet'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

Logwatch is sending mail fine:

/etc/logwatch/conf/override.conf

# Mail results to me, rather than sending to stdout
logwatch: Output = mail
logwatch: MailTo = ian at example.com

/var/log/exim4/mainlog

2014-06-07 07:24:51 Start queue run: pid=16329
2014-06-07 07:24:51 End queue run: pid=16329
2014-06-07 07:37:53 1WtB9c-0004If-My <= root at example2.com U=root P=local S=39747
2014-06-07 07:37:53 1WtB9c-0004If-My => ian at example.com R=dnslookup
T=remote_smtp H=mail.example.com [12.34.56.78]
X=TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
DN="C=GB,ST=Nottinghamshire,L=Newark,O=example,CN=mail.example.com,EMAIL=postmaster at example.com"
2014-06-07 07:37:53 1WtB9c-0004If-My Completed
etc

But Fail2Ban isn't. If I tell it to use the sendmail method, it
generates errors in the fail2ban log files and no mail is sent

/etc/fail2ban/jail.local

mta = sendmail

/var/log/fail2ban.log

2014-06-03 18:43:20,213 fail2ban.jail : INFO Jail 'ssh' started
2014-06-03 18:43:20,263 fail2ban.actions.action: ERROR printf %b
"Subject: [Fail2Ban] ssh: started
Date: `date -u +"%a, %d %h %Y %T +0000"`
From: Fail2Ban <fail2ban>
To: ian at example.com\n
Hi,\n
The jail ssh has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f fail2ban ian at example.com returned 8b00

But if I do..

echo "Hello me" | sendmail -f fail2ban ian at example.com

at the command line, which is basically what the Python script of
fail2ban does (and the Perl of logwatch) it works.

If I tell fail2ban to use the old mail protocol, it appears to work,
but nothing actually gets sent because the sendmail emulation
segfaults:

/etc/fail2ban/jail.local

mta = sendmail

/var/log/exim4/mainlog

(nothing)

/var/log/syslog

Jun 7 08:44:19 example2 kernel: [320629.730862] sendmail[17581]:
segfault at bf98a3f4 ip b767acad sp bf98a2c0 error 6 in
exim4[b7670000+df000]
Jun 7 08:46:12 example2 kernel: [320742.561156] sendmail[17629]:
segfault at bf972034 ip b763acad sp bf971f00 error 6 in
exim4[b7630000+df000]

etc (the address varies, I presume because it's loaded at different
places in memory)

What am I doing wrong?

  Ian