FastNetMon can send emails about hosts blocked using blackhole approach and it can send emails about each partial block rule (BGP Flow spec mode) deployed to block malicious traffic.

We recommend using SMTP server in your network to avoid issues during DDoS attacks because external connectivity may be affected by attack and email notification will not be send.

We strongly advice against using standard Gmail accounts for email alerts as Google frequently blocks them and recently password authentication was disabled completely. You can use Google Suite services but please add IP of server into allow list to avoid blocks.

We recommend using internal SMTP server to avoid potential connectivity disruption due to attack which will lead to inability to send alert email.

Example configuration which includes all available options:

sudo fcli set main email_notifications_enabled enable
sudo fcli set main email_notifications_tls enable
sudo fcli set main email_notifications_auth enable
sudo fcli set main email_notifications_port 587
sudo fcli set main email_notifications_host smtp.email-service.com
sudo fcli set main email_notifications_from mynotificationemail@email-service.com
sudo fcli set main email_notifications_username mynotificationemail@email-service.com
sudo fcli set main email_notifications_password please_keep_it_secure
sudo fcli set main email_notifications_recipients noc@yourcompany.com
sudo fcli set main email_notifications_recipients tech@yourcompany.com

Then you could use this command and send test email to configured notification emails

sudo fcli set email_test

In case of any issues with email delivery, please check that your server has application “msmtp” installed. Also, you may check /var/log/fastnetmon/email.log file about any error messages.

You also may change default email subjects easily:

sudo fcli set main email_subject_blackhole_block "Our defense system blocked host {{ ip }}"
sudo fcli set main email_subject_blackhole_unblock "Our defense system unblocked host {{ ip }}"
sudo fcli set main email_subject_partial_block "FastNetMon partially blocked traffic for host {{ ip }}"
sudo fcli commit

If your server uses custom auth method then you can specify it explicitly but in almost all cases you do not need to do so, best auth method will be selected automatically:

sudo fcli set main email_notifications_auth_method XXX

Where XXX may be one of the following options:

  • login
  • plain
  • scram-sha-1
  • cram-md5
  • gssapi
  • external
  • digest-md5
  • ntlm

If you use self signed certificates for your SMTP server you will need to set this option to ignore certificate validation issues:

sudo fcli set main email_notifications_disable_certificate_checks true
sudo fcli commit

By default, FastNetMon adds dump of attack’s traffic but this behavior can be disabled this way:

sudo fcli set main email_notifications_add_simple_packet_dump false
sudo fcli commit

In case of any issues with msmpt you can try running it directly using same syntax as FastNetMon uses internally:

cat message.txt | sudo msmtp -t -a default --file=/etc/fastnetmon/msmtp.conf

As example message.txt you can use:

To: noc@domain.net
From: noc@domain.net
Subject: Test

.

Test body

After running this command please share error message with our support team and we will be able to advice on this matter.

On old installations which use Ubuntu or Debian you may face issues related with AppArmor which did not like fact that msmtp uses non standard configuration path and block execution. To address this issue you need to do following:

sudo apt-get install -y apparmor-utils
sudo /usr/sbin/aa-disable msmtp

After that please try sending test email::

sudo fcli set email_test

24/7 Tech Support

support@fastnetmon.com

Email Us

sales@fastnetmon.com