F2B: update F2B after discussion in #3256 (#3288)

This commit is contained in:
Georg Lauterbach 2023-05-01 15:00:35 +02:00 committed by GitHub
parent b6261c7387
commit 2bdbe5d918
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 16 deletions

View file

@ -8,7 +8,7 @@ bantime = 1w
findtime = 1w findtime = 1w
# "maxretry" is the number of failures before a host get banned. # "maxretry" is the number of failures before a host get banned.
maxretry = 2 maxretry = 6
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses # will not ban a host which matches an address in this list. Several addresses
@ -25,15 +25,12 @@ enabled = true
[postfix] [postfix]
enabled = true enabled = true
# See https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58 # For a reference on why this mode was chose, see
# `mode=aggressive` basically combines more filters to match more lines, and hence, apply rules # https://github.com/docker-mailserver/docker-mailserver/issues/3256#issuecomment-1511188760
# more aggressively. The same goes for the `postfix-sasl` jail. mode = extra
mode = aggressive
[postfix-sasl] [postfix-sasl]
enabled = true enabled = true
mode = aggressive
# This jail is used for manual bans. # This jail is used for manual bans.
# To ban an IP address use: setup.sh fail2ban ban <IP> # To ban an IP address use: setup.sh fail2ban ban <IP>

View file

@ -29,7 +29,7 @@ hide:
### DMS Defaults ### DMS Defaults
DMS will automatically ban IP addresses of hosts that have generated 2 failed attempts over the course of the last week. The bans themselves last for one week. DMS will automatically ban IP addresses of hosts that have generated 6 failed attempts over the course of the last week. The bans themselves last for one week. The Postfix jail is configured to use `mode = extra` in DMS.
### Custom Files ### Custom Files
@ -39,10 +39,10 @@ This following configuration files inside the `docker-data/dms/config/` volume w
1. `fail2ban-jail.cf` is copied to `/etc/fail2ban/jail.d/user-jail.local` 1. `fail2ban-jail.cf` is copied to `/etc/fail2ban/jail.d/user-jail.local`
- with this file, you can adjust the configuration of individual jails and their defaults - with this file, you can adjust the configuration of individual jails and their defaults
- the is an example provided [in our repository on GitHub][github-file-f2bjail] - there is an example provided [in our repository on GitHub][github-file-f2bjail]
2. `fail2ban-fail2ban.cf` is copied to `/etc/fail2ban/fail2ban.local` 2. `fail2ban-fail2ban.cf` is copied to `/etc/fail2ban/fail2ban.local`
- with this file, you can adjust F2B behavior in general - with this file, you can adjust F2B behavior in general
- the is an example provided [in our repository on GitHub][github-file-f2bconfig] - there is an example provided [in our repository on GitHub][github-file-f2bconfig]
[docs-dms-config-volume]: ../../faq.md#what-about-the-docker-datadmsconfig-directory [docs-dms-config-volume]: ../../faq.md#what-about-the-docker-datadmsconfig-directory
[github-file-f2bjail]: https://github.com/docker-mailserver/docker-mailserver/blob/master/config-examples/fail2ban-jail.cf [github-file-f2bjail]: https://github.com/docker-mailserver/docker-mailserver/blob/master/config-examples/fail2ban-jail.cf

View file

@ -8,7 +8,7 @@ bantime = 1w
findtime = 1w findtime = 1w
# "maxretry" is the number of failures before a host get banned. # "maxretry" is the number of failures before a host get banned.
maxretry = 2 maxretry = 6
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses # will not ban a host which matches an address in this list. Several addresses
@ -25,14 +25,12 @@ enabled = true
[postfix] [postfix]
enabled = true enabled = true
# See https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58 # For a reference on why this mode was chose, see
# `mode=aggressive` basically combines more filters to match more lines, and hence, apply rules # https://github.com/docker-mailserver/docker-mailserver/issues/3256#issuecomment-1511188760
# more aggressively. The same goes for the `postfix-sasl` jail. mode = extra
mode = aggressive
[postfix-sasl] [postfix-sasl]
enabled = true enabled = true
mode = aggressive
# This jail is used for manual bans. # This jail is used for manual bans.
# To ban an IP address use: setup.sh fail2ban ban <IP> # To ban an IP address use: setup.sh fail2ban ban <IP>