Mod Evasion Email Notification Issue

Question

We are attempting to set up Apache Mod Evasion to prevent future DOS attacks on one of our servers. Everything seems to be working well outside of email notifications. The stack is running PHP 7.1 and Apache2.4 on Ubuntu Server 16.04.

Email works fine via a test command:

sudo su - www-data -s /bin/bash -c 'echo "this is the body" | mail -s "Subject" [email protected] [email protected]'

Here is the mod evasion.conf:

<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        1
    DOSSiteCount        1
    DOSPageInterval     10
    DOSSiteInterval     10
    DOSBlockingPeriod   10

    DOSEmailNotify      root
    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
    DOSLogDir           "/var/log/mod_evasive"
</IfModule>

Here is the ssmtp.conf file:

[email protected]
FromLineOverride=YES

Debug=YES
UseSTARTTLS=YES
UseTLS=YES
mailhub=email-smtp.us-east-1.amazonaws.com:465
AuthUser=#######
AuthPass=#######
AuthMethod=LOGIN

Here is the revaliases file:

root:[email protected]:email-smtp.us-east-1.amazonaws.com:25
www-data:[email protected]:email-smtp.us-east-1.amazonaws.com:25

Answer 1

mod_evasive has a hard-coded command of the mailer invocation, defined as MAILER inside the source-code and also mentioned in e.g. this bug report.

#define MAILER  "/bin/mail %s"

%s is substituted by the value of directive DOSEmailNotify when sending mails. However, nowadays on most systems /bin/main is not used and you might want to use sendmail instead. What you could do, is to create a wrapper script as /bin/mail (assumed that this binary does not exist at all or is not used).

#!/bin/bash
if [ "$1" != "" ]
then
        /usr/sbin/sendmail -t "$1"
fi

Adjust the path to your sendmail binary and finally make the script executable using chmod 0755 /bin/mail.