github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

F2B: update F2B after discussion in #3256 (#3288)

Browse source
This commit is contained in:
Georg Lauterbach 2023-05-01 15:00:35 +02:00 committed by GitHub
parent b6261c7387
commit 2bdbe5d918
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
config-examples/fail2ban-jail.cf
View file

@ -8,7 +8,7 @@ bantime = 1w
findtime = 1w
# "maxretry" is the number of failures before a host get banned.
maxretry = 2
maxretry = 6
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
@ -25,15 +25,12 @@ enabled = true
[postfix]
enabled = true
# See https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58
# `mode=aggressive` basically combines more filters to match more lines, and hence, apply rules
# more aggressively. The same goes for the `postfix-sasl` jail.
mode = aggressive
# For a reference on why this mode was chose, see
# https://github.com/docker-mailserver/docker-mailserver/issues/3256#issuecomment-1511188760
mode = extra
[postfix-sasl]
enabled = true
mode = aggressive
# This jail is used for manual bans.
# To ban an IP address use: setup.sh fail2ban ban <IP>

6
docs/content/config/security/fail2ban.md
View file

@ -29,7 +29,7 @@ hide:
### DMS Defaults
DMS will automatically ban IP addresses of hosts that have generated 2 failed attempts over the course of the last week. The bans themselves last for one week.
DMS will automatically ban IP addresses of hosts that have generated 6 failed attempts over the course of the last week. The bans themselves last for one week. The Postfix jail is configured to use `mode = extra` in DMS.
### Custom Files
@ -39,10 +39,10 @@ This following configuration files inside the `docker-data/dms/config/` volume w
1. `fail2ban-jail.cf` is copied to `/etc/fail2ban/jail.d/user-jail.local`
- with this file, you can adjust the configuration of individual jails and their defaults
- the is an example provided [in our repository on GitHub][github-file-f2bjail]
- there is an example provided [in our repository on GitHub][github-file-f2bjail]
2. `fail2ban-fail2ban.cf` is copied to `/etc/fail2ban/fail2ban.local`
- with this file, you can adjust F2B behavior in general
- the is an example provided [in our repository on GitHub][github-file-f2bconfig]
- there is an example provided [in our repository on GitHub][github-file-f2bconfig]
[docs-dms-config-volume]: ../../faq.md#what-about-the-docker-datadmsconfig-directory
[github-file-f2bjail]: https://github.com/docker-mailserver/docker-mailserver/blob/master/config-examples/fail2ban-jail.cf

10
target/fail2ban/jail.local
View file

@ -8,7 +8,7 @@ bantime = 1w
findtime = 1w
# "maxretry" is the number of failures before a host get banned.
maxretry = 2
maxretry = 6
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
@ -25,14 +25,12 @@ enabled = true
[postfix]
enabled = true
# See https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58
# `mode=aggressive` basically combines more filters to match more lines, and hence, apply rules
# more aggressively. The same goes for the `postfix-sasl` jail.
mode = aggressive
# For a reference on why this mode was chose, see
# https://github.com/docker-mailserver/docker-mailserver/issues/3256#issuecomment-1511188760
mode = extra
[postfix-sasl]
enabled = true
mode = aggressive
# This jail is used for manual bans.
# To ban an IP address use: setup.sh fail2ban ban <IP>