Mail-actions switched to use new option "norestored" instead of checking of variable `restored` during shell execution (prevents executing of such actions at all).

config/action.d/complain.conf

@@ -34,6 +34,9 @@ before = helpers-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
@@ -58,8 +61,7 @@ actioncheck =
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            oifs=${IFS}; 
+actionban = oifs=${IFS}; 
               IFS=.; SEP_IP=( <ip> ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); 
               IFS=,; ADDRESSES=$(echo $ADDRESSES)
             IFS=${oifs}

config/action.d/dshield.conf

@@ -26,12 +26,11 @@
 # configure how often the buffer is flushed).
 #
 
-[INCLUDES]
-
-before = helpers-common.conf
-
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
@@ -68,8 +67,7 @@ actioncheck =
 # few seconds out, are incorrect. See
 # http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047
 #
-actionban = %(_bypass_if_restored)s
-            TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'`
+actionban = TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'`
             DATETIME="`perl -e '@t=localtime(<time>);printf "%%4d-%%02d-%%02d %%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` $TZONE"
 	    PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
 	    if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
@@ -96,8 +94,7 @@ actionban = %(_bypass_if_restored)s
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = %(_bypass_if_restored)s
-              if [ -f <tmpfile>.first ]; then
+actionunban = if [ -f <tmpfile>.first ]; then
                   NOW=`date +%%s`
                   LOGAGE=$(($NOW - `cat <tmpfile>.first`))
                   if [ $LOGAGE -gt <maxbufferage> ]; then

config/action.d/mail-buffered.conf

@@ -4,13 +4,11 @@
 #
 #
 
-[INCLUDES]
-
-before = helpers-common.conf
-
-
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
@@ -50,8 +48,7 @@ actioncheck =
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
+actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
             LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
             if [ $LINE -ge <lines> ]; then
                 printf %%b "Hi,\n

config/action.d/mail-whois-lines.conf

@@ -11,6 +11,9 @@ before = mail-whois-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
@@ -53,8 +56,7 @@ _ban_mail_content = ( printf %%b "Hi,\n
             Regards,\n
             Fail2Ban" )
 
-actionban = %(_bypass_if_restored)s
-            %(_ban_mail_content)s | <mailcmd> "[Fail2Ban] <name>: banned <ip> from  `uname -n`" <dest>
+actionban = %(_ban_mail_content)s | <mailcmd> "[Fail2Ban] <name>: banned <ip> from  `uname -n`" <dest>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the

config/action.d/mail-whois.conf

@@ -7,10 +7,12 @@
 [INCLUDES]
 
 before = mail-whois-common.conf
-         helpers-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
@@ -41,8 +43,7 @@ actioncheck =
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            printf %%b "Hi,\n
+actionban = printf %%b "Hi,\n
             The IP <ip> has just been banned by Fail2Ban after
             <failures> attempts against <name>.\n\n
             Here is more information about <ip> :\n

config/action.d/mail.conf

@@ -4,12 +4,11 @@
 #
 #
 
-[INCLUDES]
-
-before = helpers-common.conf
-
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
@@ -40,8 +39,7 @@ actioncheck =
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            printf %%b "Hi,\n
+actionban = printf %%b "Hi,\n
             The IP <ip> has just been banned by Fail2Ban after
             <failures> attempts against <name>.\n
             Regards,\n

config/action.d/sendmail-buffered.conf

@@ -7,10 +7,12 @@
 [INCLUDES]
 
 before = sendmail-common.conf
-         helpers-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
@@ -59,8 +61,7 @@ actioncheck =
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
+actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
             LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
             if [ $LINE -ge <lines> ]; then
                 printf %%b "Subject: [Fail2Ban] <name>: summary from `uname -n`

config/action.d/sendmail-geoip-lines.conf

@@ -11,6 +11,9 @@ before = sendmail-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionban
 # Notes.:  Command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
@@ -20,8 +23,7 @@ before = sendmail-common.conf
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
+actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n

config/action.d/sendmail-whois-ipjailmatches.conf

@@ -7,18 +7,19 @@
 [INCLUDES]
 
 before = sendmail-common.conf
-         helpers-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n

config/action.d/sendmail-whois-ipmatches.conf

@@ -7,18 +7,19 @@
 [INCLUDES]
 
 before = sendmail-common.conf
-         helpers-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n

config/action.d/sendmail-whois-lines.conf

@@ -11,14 +11,16 @@ before = sendmail-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
+actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n

config/action.d/sendmail-whois-matches.conf

@@ -7,18 +7,19 @@
 [INCLUDES]
 
 before = sendmail-common.conf
-         helpers-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n

config/action.d/sendmail-whois.conf

@@ -7,18 +7,19 @@
 [INCLUDES]
 
 before = sendmail-common.conf
-         helpers-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n

config/action.d/sendmail.conf

@@ -7,18 +7,19 @@
 [INCLUDES]
 
 before = sendmail-common.conf
-         helpers-common.conf
 
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = %(_bypass_if_restored)s
-            printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n

config/action.d/smtp.py

@@ -126,6 +126,9 @@ class SMTPAction(ActionBase):
 			bantime = self._jail.actions.getBanTime,
 			)
 
+		# bypass ban/unban for restored tickets
+		self.norestored = 1
+
 	def _sendMessage(self, subject, text):
 		"""Sends message based on arguments and instance's properties.
 

config/action.d/xarf-login-attack.conf

@@ -30,20 +30,18 @@
 #
 #
 
-[INCLUDES]
-
-before = helpers-common.conf
-
 [Definition]
 
+# bypass ban/unban for restored tickets
+norestored = 1
+
 actionstart =
 
 actionstop =
 
 actioncheck =
 
-actionban = %(_bypass_if_restored)s
-            oifs=${IFS}; IFS=.;SEP_IP=( <ip> ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs}
+actionban = oifs=${IFS}; IFS=.;SEP_IP=( <ip> ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs}
             IP=<ip>
             FROM=<sender>
             SERVICE=<service>