Fail2ban plugin

Hi,

I'm trying to play with Fail2ban plugin and I don't understand the goal of "exclusion time" and "max retry" in the main parameters tab :

They seem to always be ignored and replaced by the same parameters under each jail service configuration which are not optional :

With the previous values, exclusion time is set to "forever" and cannot be left empty to use general parameter (1h).

Same for max retry... except I don't know what "-1" means. It seems it blocks account on each fail.

Another small issue is for the text attached to max retry (in jail tab). In french, it's translated in "Essai maximum en secondes" but, as I understood it's in occurrences, not in seconds.

And it's not a translation issue because in english, the text is the same :

msgid "Max Retry in seconds."
msgstr "Essai maximum en secondes."

Finally, last issue I had is the default MTA generated by OMV in /etc/fail2ban/jail.conf file.

It's set as "mta = sendmail" (the default for fail2ban), but as I remember sendmail is not installed on OMV by default (finally, not really sure, it's not a path issue...)

So to solve this, my 1st try was to install sendmail with "apt install sendmail" (DON'T DO THIS) without looking enough on packages impacts and, doing this, OMV is simply uninstalled...

Well, I solved this by reinstalling OMV and sendmail stays installed for me.

If sendmail is effectively not installed by default, better option would be to change OMV generated jail.conf file to use "mta = mail", no ?

As an alternative, on the user side, it's possible to create a local file for this :

sudo nano /etc/fail2ban/jail.d/default.conf

and insert in this file :

[DEFAULT]
mta = mail

then reload fail2ban with :

sudo systemctl restart fail2ban.service

Sorry for this long mail and thank you for your advices.

Regards.

Thank you for your answer and sorry for my english

I'm going to try to reformulate...

My 1st question about "exclusion time" and "max retry" :

Can the values entered in the fail2ban plugin main page (1st tab "General parameters") be used in anyway ?

I'm telling that because I think they are overridden by the same parameters you must fill in each jail (under jail service you cannot leave it blank to inherit general values ? "This field is required" ).

2nd point, for the "tip" below the "max retry", it's not "in seconds" :

Finaly, for sendmail, no, unfortunately I didn't know it's part of postfix (I should have been... It would have prevented me from all the problems I had to deal with ^^)

That's what I finally though... I didn't have /usr/sbin in my path and so missed this binary existence... So tried to install it and crashed my OMV...

Of course, if sendmail is present by default, no need to switch to mail (the way I described or the alternative way you told).

This part is solved... even if I think I broke some things in my installation because if I try to make the same manipulations (without going to the end...), I can't cause something seems to be broken :

xxxx@omv:/etc/fail2ban/jail.d$ sudo apt install sendmail
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
Certains paquets ne peuvent être installés. Ceci peut signifier
que vous avez demandé l'impossible, ou bien, si vous utilisez
la distribution unstable, que certains paquets n'ont pas encore
été créés ou ne sont pas sortis d'Incoming.
L'information suivante devrait vous aider à résoudre la situation :

Les paquets suivants contiennent des dépendances non satisfaites :
 sendmail : Dépend: sendmail-bin mais ne sera pas installé
E: Impossible de corriger les problèmes, des paquets défectueux sont en mode « garder en l'état ».

Don't know if I should try to correct this or not (also because I don't know how...). I fear to broke OMV again...

Thanks