diff --git a/docs/content/config/security/fail2ban.md b/docs/content/config/security/fail2ban.md index 4ea7df63..60f3feae 100644 --- a/docs/content/config/security/fail2ban.md +++ b/docs/content/config/security/fail2ban.md @@ -4,10 +4,30 @@ hide: - toc # Hide Table of Contents for this page --- -Fail2Ban is installed automatically and bans IP addresses for 3 hours after 3 failed attempts in 10 minutes by default. If you want to change this, you can easily edit [`config/fail2ban-jail.cf`][github-file-f2bjail]. +Fail2Ban is installed automatically and bans IP addresses for 3 hours after 3 failed attempts in 10 minutes by default. + +## Configuration files + +If you want to change this, you can easily edit [`config/fail2ban-jail.cf`][github-file-f2bjail]. You can do the same with the values from `fail2ban.conf`, e.g `dbpurgeage`. In that case you need to edit [`config/fail2ban-fail2ban.cf`][github-file-f2bconfig]. +The configuration files need to be located at the root of the `/tmp/docker-mailserver/` volume bind. + +This following configuration files from `/tmp/docker-mailserver/` will be copied at boot time. + +- `fail2ban-jail.cf` -> `/etc/fail2ban/jail.d/user-jail.local` +- `fail2ban-fail2ban.cf` -> `/etc/fail2ban/fail2ban.local` + +### Docker-compose config + +Example configuration volume bind: + +```yaml + volumes: + - ./config/:/tmp/docker-mailserver/ +``` + !!! attention The mail container must be launched with the `NET_ADMIN` capability in order to be able to install the iptable rules that actually ban IP addresses. @@ -28,8 +48,24 @@ t initialize iptables table `filter': Permission denied (you must be root)\nPerh j f2b-postfix ``` +## Manage bans + You can also manage and list the banned IPs with the [`setup.sh`][docs-setupsh] script. +### List bans + +```sh +./setup.sh debug fail2ban +``` + +### Un-ban + +Here `192.168.1.15` is our banned IP. + +```sh +./setup.sh debug fail2ban unban 192.168.1.15 +``` + [docs-setupsh]: ../setup.sh.md [github-file-f2bjail]: https://github.com/docker-mailserver/docker-mailserver/blob/master/config/fail2ban-jail.cf [github-file-f2bconfig]: https://github.com/docker-mailserver/docker-mailserver/blob/master/config/fail2ban-fail2ban.cf diff --git a/target/amavis/conf.d/62-improve_privacy_remove_headers b/target/amavis/conf.d/62-improve_privacy_remove_headers index a322a688..78756b23 100644 --- a/target/amavis/conf.d/62-improve_privacy_remove_headers +++ b/target/amavis/conf.d/62-improve_privacy_remove_headers @@ -3,7 +3,7 @@ use strict; # disable the "Received" headers to be added to the mail header $allowed_added_header_fields{lc('Received')} = 0; -# Hide with whay virus scanner we scan +# Hide with what virus scanner we scan $X_HEADER_LINE = "Yes"; #------------ Do not modify anything below this line -------------