2021-04-11 15:33:39 +00:00
|
|
|
[DEFAULT]
|
|
|
|
|
|
|
|
|
|
# "bantime" is the number of seconds that a host is banned.
|
2023-04-11 18:28:43 +00:00
|
|
|
bantime = 1w
|
2021-04-11 15:33:39 +00:00
|
|
|
|
|
|
|
|
# A host is banned if it has generated "maxretry" during the last "findtime"
|
|
|
|
|
# seconds.
|
2023-04-11 18:28:43 +00:00
|
|
|
findtime = 1w
|
2021-04-11 15:33:39 +00:00
|
|
|
|
|
|
|
|
# "maxretry" is the number of failures before a host get banned.
|
2023-04-11 18:28:43 +00:00
|
|
|
maxretry = 2
|
2021-04-11 15:33:39 +00:00
|
|
|
|
|
|
|
|
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
|
|
|
|
|
# will not ban a host which matches an address in this list. Several addresses
|
|
|
|
|
# can be defined using space (and/or comma) separator.
|
|
|
|
|
ignoreip = 127.0.0.1/8
|
|
|
|
|
|
2022-04-05 13:13:59 +00:00
|
|
|
# default ban action
|
|
|
|
|
# nftables-multiport: block IP only on affected port
|
|
|
|
|
# nftables-allports: block IP on all ports
|
|
|
|
|
banaction = nftables-allports
|
2021-04-18 10:55:43 +00:00
|
|
|
|
2021-04-11 15:33:39 +00:00
|
|
|
[dovecot]
|
|
|
|
|
enabled = true
|
|
|
|
|
|
|
|
|
|
[postfix]
|
|
|
|
|
enabled = true
|
2023-04-11 18:28:43 +00:00
|
|
|
# See https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58
|
|
|
|
|
# `mode=aggressive` basically combines more filters to match more lines, and hence, apply rules
|
|
|
|
|
# more aggressively. The same goes for the `postfix-sasl` jail.
|
|
|
|
|
mode = aggressive
|
2021-04-11 15:33:39 +00:00
|
|
|
|
|
|
|
|
[postfix-sasl]
|
|
|
|
|
enabled = true
|
2023-04-11 18:28:43 +00:00
|
|
|
mode = aggressive
|
2022-04-19 08:44:51 +00:00
|
|
|
|
|
|
|
|
# This jail is used for manual bans.
|
|
|
|
|
# To ban an IP address use: setup.sh fail2ban ban <IP>
|
|
|
|
|
[custom]
|
|
|
|
|
enabled = true
|
|
|
|
|
bantime = 180d
|
|
|
|
|
port = smtp,pop3,pop3s,imap,imaps,submission,submissions,sieve
|
