docker-mailserver/target/fail2ban/jail.conf

# Fail2Ban configuration file.
#
# This file was composed for Debian systems from the original one
# provided now under /usr/share/doc/fail2ban/examples/jail.conf
# for additional examples.
#
# Comments: use '#' for comment lines and ';' for inline comments
#
# To avoid merges during upgrades DO NOT MODIFY THIS FILE
# and rather provide your changes in /etc/fail2ban/jail.local
#

# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# "bantime" is the number of seconds that a host is banned.
bantime = 10800

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 10800
maxretry = 3

# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
#            If pyinotify is not installed, Fail2ban will use auto.
# gamin:     requires Gamin (a file alteration monitor) to be installed.
#            If Gamin is not installed, Fail2ban will use auto.
# polling:   uses a polling algorithm which does not require external libraries.
# auto:      will try to use the following backends, in order:
#            pyinotify, gamin, polling.
backend = gamin

# "usedns" specifies if jails should trust hostnames in logs,
#   warn when reverse DNS lookups are performed, or ignore all hostnames in logs
#
# yes:   if a hostname is encountered, a reverse DNS lookup will be performed.
# warn:  if a hostname is encountered, a reverse DNS lookup will be performed,
#        but it will be logged as a warning.
# no:    if a hostname is encountered, will not be used for banning,
#        but it will be logged as info.
usedns = warn

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost

#
# Name of the sender for mta actions
sendername = Fail2Ban

#
# ACTIONS
#

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = hostsdeny

# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail

# Default protocol
protocol = tcp

# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT

#
# Action shortcuts. To be used to define action parameter

# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s

#
# JAILS
#

[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6

#
# Mail servers
#

[postfix]

enabled = true
port     = smtp,ssmtp,submission
filter   = postfix
logpath = /var/log/mail/mail.log

#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#

[sasl]

enabled = true
port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter   = postfix-sasl
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = /var/log/mail/mail.log

[dovecot]

enabled = true
port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter  = dovecot
logpath = /var/log/mail/mail.log

# Jail for more extended banning of persistent abusers
# !!! WARNING !!!
#   Make sure that your loglevel specified in fail2ban.conf/.local
#   is not at DEBUG level -- which might then cause fail2ban to fall into
#   an infinite loop constantly feeding itself with non-informative lines
[recidive]

enabled  = false
filter   = recidive
logpath  = /var/log/fail2ban.log
action   = iptables-allports[name=recidive]
           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
Fixing last tests on fail2ban regarding #102 and docker-mailserver v2 2016-04-17 20:59:35 +00:00			`# Fail2Ban configuration file.`
			`#`
			`# This file was composed for Debian systems from the original one`
			`# provided now under /usr/share/doc/fail2ban/examples/jail.conf`
			`# for additional examples.`
			`#`
			`# Comments: use '#' for comment lines and ';' for inline comments`
			`#`
			`# To avoid merges during upgrades DO NOT MODIFY THIS FILE`
			`# and rather provide your changes in /etc/fail2ban/jail.local`
			`#`

			`# The DEFAULT allows a global definition of the options. They can be overridden`
			`# in each jail afterwards.`

			`[DEFAULT]`

			`# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not`
			`# ban a host which matches an address in this list. Several addresses can be`
			`# defined using space separator.`
			`ignoreip = 127.0.0.1/8`

			`# "bantime" is the number of seconds that a host is banned.`
			`bantime = 10800`

			`# A host is banned if it has generated "maxretry" during the last "findtime"`
			`# seconds.`
			`findtime = 10800`
			`maxretry = 3`

			`# "backend" specifies the backend used to get files modification.`
			`# Available options are "pyinotify", "gamin", "polling" and "auto".`
			`# This option can be overridden in each jail as well.`
			`#`
			`# pyinotify: requires pyinotify (a file alteration monitor) to be installed.`
			`# If pyinotify is not installed, Fail2ban will use auto.`
			`# gamin: requires Gamin (a file alteration monitor) to be installed.`
			`# If Gamin is not installed, Fail2ban will use auto.`
			`# polling: uses a polling algorithm which does not require external libraries.`
			`# auto: will try to use the following backends, in order:`
			`# pyinotify, gamin, polling.`
			`backend = gamin`

			`# "usedns" specifies if jails should trust hostnames in logs,`
			`# warn when reverse DNS lookups are performed, or ignore all hostnames in logs`
			`#`
			`# yes: if a hostname is encountered, a reverse DNS lookup will be performed.`
			`# warn: if a hostname is encountered, a reverse DNS lookup will be performed,`
			`# but it will be logged as a warning.`
			`# no: if a hostname is encountered, will not be used for banning,`
			`# but it will be logged as info.`
			`usedns = warn`

			`#`
			`# Destination email address used solely for the interpolations in`
			`# jail.{conf,local} configuration files.`
			`destemail = root@localhost`

			`#`
			`# Name of the sender for mta actions`
			`sendername = Fail2Ban`

			`#`
			`# ACTIONS`
			`#`

			`# Default banning action (e.g. iptables, iptables-new,`
			`# iptables-multiport, shorewall, etc) It is used to define`
			`# action_* variables. Can be overridden globally or per`
			`# section within jail.local file`
Fixed i#152 Fail2ban config and tests 2016-04-22 15:51:14 +00:00			`banaction = hostsdeny`
Fixing last tests on fail2ban regarding #102 and docker-mailserver v2 2016-04-17 20:59:35 +00:00
			`# email action. Since 0.8.1 upstream fail2ban uses sendmail`
			`# MTA for the mailing. Change mta configuration parameter to mail`
			`# if you want to revert to conventional 'mail'.`
			`mta = sendmail`

			`# Default protocol`
			`protocol = tcp`

			`# Specify chain where jumps would need to be added in iptables-* actions`
			`chain = INPUT`

			`#`
			`# Action shortcuts. To be used to define action parameter`

			`# The simplest action to take: ban only`
			`action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]`

			`# ban & send an e-mail with whois report to the destemail.`
			`action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]`
			`%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]`

			`# ban & send an e-mail with whois report and relevant log lines`
			`# to the destemail.`
			`action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]`
			`%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]`

			`# Choose default action. To change, just override value of 'action' with the`
			`# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local`
			`# globally (section [DEFAULT]) or per specific section`
			`action = %(action_)s`

			`#`
			`# JAILS`
			`#`

			`[ssh]`

			`enabled = true`
			`port = ssh`
			`filter = sshd`
			`logpath = /var/log/auth.log`
			`maxretry = 6`

			`#`
			`# Mail servers`
			`#`

			`[postfix]`

			`enabled = true`
			`port = smtp,ssmtp,submission`
			`filter = postfix`
			`logpath = /var/log/mail/mail.log`

			`#`
			`# Mail servers authenticators: might be used for smtp,ftp,imap servers, so`
			`# all relevant ports get banned`
			`#`

			`[sasl]`

			`enabled = true`
			`port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s`
			`filter = postfix-sasl`
			`# You might consider monitoring /var/log/mail.warn instead if you are`
			`# running postfix since it would provide the same log lines at the`
			`# "warn" level but overall at the smaller filesize.`
			`logpath = /var/log/mail/mail.log`

			`[dovecot]`

			`enabled = true`
			`port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s`
			`filter = dovecot`
			`logpath = /var/log/mail/mail.log`

			`# Jail for more extended banning of persistent abusers`
			`# !!! WARNING !!!`
			`# Make sure that your loglevel specified in fail2ban.conf/.local`
			`# is not at DEBUG level -- which might then cause fail2ban to fall into`
			`# an infinite loop constantly feeding itself with non-informative lines`
			`[recidive]`

			`enabled = false`
			`filter = recidive`
			`logpath = /var/log/fail2ban.log`
			`action = iptables-allports[name=recidive]`
			`sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]`