Merge 8f6729a491 into 86b9adb2f5

2025-06-23 12:43:25 +00:00 · 2025-06-23 12:43:25 +00:00 · b80937f542
parent 86b9adb2f5 8f6729a491
commit b80937f542
1 changed files with 19 additions and 2 deletions
--- a/config/action.d/xarf-login-attack.conf
+++ b/config/action.d/xarf-login-attack.conf
@ -49,6 +49,8 @@ actionban = oifs=${IFS};
            IFS=${oifs}
            IP=<ip>
            FROM=<sender>
+            BCC=<bcc>
+            DONTSEND=<dontsend>
            SERVICE=<service>
            FAILURES=<failures>
            REPORTID=<time>@<fq-hostname>
@ -57,10 +59,17 @@ actionban = oifs=${IFS};
            DATE=`LC_ALL=C date --date=@<time> +"%%a, %%d %%h %%Y %%T %%z"`
            if [ ! -z "$ADDRESSES" ]; then
                oifs=${IFS}; IFS=,; ADDRESSES=$(echo $ADDRESSES)
-                IFS=${oifs}
+                IFS=${oifs}      
+                if [ ! -z "$DONTSEND" ]; then
+                    for ckaddr in "${DONTSEND[@]}"; do
+                        if [[ "$ADDRESSES" == *"$ckaddr"* ]]; then
+                           exit 0   
+                        fi
+                    done
+                 fi
                (printf -- %%b "<header>\n<message>\n<report>\n\n";
                 date '+Note: Local timezone is %%z (%%Z)';
-                 printf -- %%b "\n<ipmatches>\n\n<footer>") | <mailcmd> <mailargs> $ADDRESSES
+                 printf -- %%b "\n<ipmatches>\n\n<footer>") | <mailcmd> <mailargs> $ADDRESSES $BCC
            fi

 actionunban =
@ -141,3 +150,11 @@ sender = fail2ban@<fq-hostname>
 # Notes.:  This is the port number that received the login-attack
 port = 0

+# Option:  bcc
+# Notes:   Allows the user to specify a user to receive a copy of the email
+bcc =
+
+# Option:  dontsend
+# Notes:   Array of abuse emails to ignore.  Eg.
+# dontsend = ('email@one.com' 'email@two.com' 'email@three.com')
+dontsend =