Sending email alerts/notifications from ModSecurity is easy with Lua. Just put this script somewhere:
```lua
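-- Sender and recipient addresses
from = "[email protected]"
to = "[email protected]"

-- We use the mail command to send emails. You could also use the lua socket library:
-- http://w3.impa.br/~diego/software/luasocket/smtp.html

-- Quote a value for /bin/sh. REQUEST_URI is client-controlled, so it must
-- never reach the shell outside single quotes.
local function shquote(s)
  return "'" .. tostring(s):gsub("'", "'\\''") .. "'"
end

function main()
  -- create email
  local subject = m.getvar("TX.email_subject")
  local body = m.getvar("TX.email_body")
  if subject == nil then
    return nil
  end
  if body == nil then
    -- any of these variables may be unset, so fall back to "-"
    body = subject .. ":\n" ..
      "IP:\t " .. (m.getvar("REMOTE_ADDR") or "-") .. "\n " ..
      "HOST:\t " .. (m.getvar("REMOTE_HOST") or "-") .. "\n " ..
      "URI:\t " .. (m.getvar("REQUEST_URI") or "-")
  end
  -- keep the subject on a single line
  subject = subject:gsub("[\r\n]", " ")
  m.log(4, "Sending email " .. subject)
  m.log(5, body)
  -- use the mail command to send emails: recipient first, sender after -r.
  -- printf '%s' prints the body verbatim (echo -e would expand backslashes).
  local cmd = "printf '%s\\n' " .. shquote(body) ..
    " | mail -s " .. shquote(subject) .. " " .. shquote(to) ..
    " -- -r " .. shquote(from)
  -- remove variables
  m.setvar('tx.email_subject', nil)
  m.setvar('tx.email_body', nil)
  -- execute command
  local f = io.popen(cmd)
  if f == nil then
    m.log(3, "Could not run the mail command")
    return nil
  end
  -- read result
  local l = f:read("*a")
  m.log(5, "mail output: " .. (l or ""))
  f:close()
  --print(l)
  return nil
end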
```
Next set up a rule that executes the script after a user has been blocked:
```apache
SecRule IP:bf_ip_counter "@gt 3" \
"phase:5,pass,t:none, \
setvar:'tx.email_subject=Blocking IP. Too many authentication failures.',exec:/xxx/email.lua, \
...
```
Now verify that it works. Note that this script uses the mail command, so [make sure sending mails with Postfix and mail](http://snippets.aktagon.com/snippets/562-How-to-send-emails-from-the-command-line-in-Linux) works.
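The script's comment mentions LuaSocket as an alternative to the mail command. The following is an added example of that variant (not code from the original page); it hands the message to an SMTP server directly, so no shell command is built from request data. The addresses, the server at 127.0.0.1:25, and `socket.smtp` being loadable from ModSecurity's Lua interpreter are assumptions.

```lua
local smtp = require("socket.smtp")

-- Constructed placeholder values (assumptions, not from the original page).
local FROM   = "<waf@example.com>"
local TO     = "<secops@example.com>"
local SERVER = "127.0.0.1"  -- assumed local Postfix listening on port 25

-- Header values must stay on one line: CR/LF taken from request data
-- would otherwise let a client append headers to the alert.
local function header_safe(s)
  return (tostring(s or ""):gsub("%c", " "))
end

-- Build and send the alert. Returns true, or nil plus an error string.
local function send_alert(subject, body)
  local ok, err = smtp.send{
    from   = FROM,
    rcpt   = TO,
    server = SERVER,
    source = smtp.message{
      headers = { from = FROM, to = TO, subject = header_safe(subject) },
      -- SMTP expects CRLF line endings in the body
      body = (body:gsub("\r?\n", "\r\n")),
    },
  }
  if not ok then return nil, err end
  return true
end

-- Entry point called by ModSecurity's exec action; `m` is provided by ModSecurity.
function main()
  local subject = m.getvar("TX.email_subject")
  if subject == nil then
    return nil
  end
  local body = m.getvar("TX.email_body") or (subject .. ":\n" ..
    "IP:\t"   .. (m.getvar("REMOTE_ADDR") or "-") .. "\n" ..
    "HOST:\t" .. (m.getvar("REMOTE_HOST") or "-") .. "\n" ..
    "URI:\t"  .. (m.getvar("REQUEST_URI") or "-"))
  local ok, err = send_alert(subject, body)
  if not ok then
    m.log(3, "Email alert failed: " .. tostring(err))
  end
  return nil
end
```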