mirror of https://github.com/fail2ban/fail2ban
Add support for TLS SMTP connections.
parent
6fb89d1709
commit
419e380870
|
@ -21,6 +21,7 @@ ver. 1.0.3-dev-1 (20??/??/??) - development nightly edition
|
|||
if available for platform and uses DNS to find local IPv6 as a fallback only
|
||||
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
|
||||
* `action.d/mikrotik.conf` - new action for mikrotik routerOS, adds and removes entries from address lists on the router (gh-2860)
|
||||
* `action.d/smtp.py` - added optional support for TLS connections via the `ssl` arg.
|
||||
* `filter.d/exim.conf` - fixed "dropped: too many ..." regex, also matching unrecognized commands now (gh-3502)
|
||||
* `filter.d/nginx-forbidden.conf` - new filter to ban forbidden locations, e. g. using `deny` directive (gh-2226)
|
||||
* `filter.d/sshd.conf`:
|
||||
|
|
|
@ -75,7 +75,7 @@ class SMTPAction(ActionBase):
|
|||
"""
|
||||
|
||||
def __init__(
|
||||
self, jail, name, host="localhost", user=None, password=None,
|
||||
self, jail, name, host="localhost", ssl=False, user=None, password=None,
|
||||
sendername="Fail2Ban", sender="fail2ban", dest="root", matches=None):
|
||||
"""Initialise action.
|
||||
|
||||
|
@ -88,6 +88,8 @@ class SMTPAction(ActionBase):
|
|||
host : str, optional
|
||||
SMTP host, of host:port format. Default host "localhost" and
|
||||
port "25"
|
||||
ssl : bool, optional
|
||||
Whether to use TLS for the SMTP connection or not. Default False.
|
||||
user : str, optional
|
||||
Username used for authentication with SMTP server.
|
||||
password : str, optional
|
||||
|
@ -109,7 +111,7 @@ class SMTPAction(ActionBase):
|
|||
super(SMTPAction, self).__init__(jail, name)
|
||||
|
||||
self.host = host
|
||||
#TODO: self.ssl = ssl
|
||||
self.ssl = ssl
|
||||
|
||||
self.user = user
|
||||
self.password =password
|
||||
|
@ -155,10 +157,19 @@ class SMTPAction(ActionBase):
|
|||
msg['To'] = self.toaddr
|
||||
msg['Date'] = formatdate()
|
||||
|
||||
smtp = smtplib.SMTP()
|
||||
smtp = smtplib.SMTP(self.host)
|
||||
try:
|
||||
self._logSys.debug("Connected to SMTP '%s', response: %i: %s",
|
||||
self.host, *smtp.connect(self.host))
|
||||
|
||||
if self.ssl: # pragma: no cover
|
||||
tls_result = smtp.starttls()[0];
|
||||
if tls_result != 220: # pragma: no cover
|
||||
self._logSys.error(
|
||||
"Failed to starttls() on '%s' for user '%s': %s",
|
||||
self.host, self.user, tls_result)
|
||||
raise Exception("Failed to starttls()")
|
||||
|
||||
if self.user and self.password: # pragma: no cover (ATM no tests covering that)
|
||||
smtp.login(self.user, self.password)
|
||||
failed_recipients = smtp.sendmail(
|
||||
|
|
Loading…
Reference in New Issue