Menu
▾
▴
#76 Modify “sendmail-whois-lines.conf” action
Currently “sendmail-whois-lines.conf” uses “grep –m” to limit the number of matching lines included from a log with the whois information that is mailed. This results in only the first “n” matching lines of the log being included. In cases of repeat offenders, if you keep “grepmax” small so as limit the total number of log lines in the email, you end up with only the first matching lines which detail a past ban, not the current one. It would be nice if “sendmail-whois-lines.conf” could be modified so you could configure it to include only the last “n” matching lines of the log.
This was reimplemented in 0.10 using tail command (see https://github.com/fail2ban/fail2ban/commit/a2af19c9f0c7ad42e733693f1cbf3d247cded582)
so as grep-limit it uses https://github.com/fail2ban/fail2ban/blob/0.10/config/action.d/helpers-common.conf#L15 .
But either you have to use logrotate in order to hold your log-files slim as possible, or use another actions which don't need to cumulate failures from the log-file, like "sendmail-whois-matches".
Also note that current development as well as issue tracker is on github. Thus I'll close it here.