Is there a way to use an existing mta/sendmail for mailing crowdsec events?

Hi, I would like to get e-mail notifications when certain CrowdSec events are triggered. I am aware that there is a solution where I need to provide credentials for a mail service like google mail. However, there are already MTAs (postfix) running on my systems which can send system mails, e.g. via sendmail command, and I would like to reuse them. Is anybody aware of ways how CrowdSec can send e-mails via a local MTA installation? Thanks.

There is no way currently, but maybe an idea could be for us to create a notification plugin that executes a path to a binary. Which then passes the “format” as the arguments? I don’t use sendmail much so any insight you can provide on how you use it may allow for further extensibility.

Hey, thanks for the fast reply. Having something like the plugin you described would be awesome!

The sendmail man gives the full picture, of course. However, the easier way is probably to look at other solutions. fail2ban, for example, does the following (both lines taken completely out of context and out of different config files, but I guess you get the idea):

mailcmd = /usr/sbin/sendmail -f "<sender>" "<dest>"
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <sendername> <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n
            Regards,\n
            Fail2Ban" | <mailcmd>

The actionban is executed after a ban. dest (e-mail address of recipient) needs to be defined by the user. The rest of the variables are internally defined.

Another example is given here. sendmail -t takes the recipient (and other header information) out of the message itself.

I don’t know what is the better way…

Thanks for looking into this. Of course, I am open for testing, if required.

Hey iiAmLoz, I had a look at the documentation on writing notification plugins. I have the impression that it could be sufficient to copy/rename the existing e-mail plugin including configs etc. and modify it in such a way that it doesn’t use a smtp client to send the mail, but instead calls the sendmail command. Is that a viable path? I have no experience of writing code in Go, so I don’t know if a shell command can be initiated somewhere.

Any thoughts or hints on this?