security - fail2ban repeatedly sends notifications

Question

we re facing issue with fail2ban.

Our setup for example:

jail.conf:

[nginx-404]

enabled = true
port    = http,https
filter  = nginx-404
logpath = /var/log/nginx/*access.log
maxretry = 5
findtime = 300
action = mail

than action:

[Definition]

actionstart =
actionstop =
actioncheck =

actionban = printf %%b "Hi,

            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.

            Regards,

            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>

actionunban =

After restart service or reboot system. It send immediately all bans which were done before.

Is there any solution to stop sending hundreds notifications after restart ? Thanks for anyadvice.

Answer 1

Is there any solution to stop sending hundreds notifications after restart ?

Yes. Just specify norestored = true in your action. See PR #1669 for more info.