github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #114 from 00angus/feat_fail2ban_change

Browse source 
Add ENABLE_FAIL2BAN environment variable to enable fail2ban service
This commit is contained in:
Thomas VIAL 2016-04-01 12:46:53 +02:00
parent 735bbcae34 5219aab9e8
commit 5048f8b509
4 changed files with 32 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
Makefile
View file

@ -33,6 +33,12 @@ run:
-v "`pwd`/test":/tmp/test \ -v "`pwd`/test":/tmp/test \
-e SMTP_ONLY=1 \ -e SMTP_ONLY=1 \
-h mail.my-domain.com -t $(NAME) -h mail.my-domain.com -t $(NAME)
docker run -d --name mail_fail2ban \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-e ENABLE_FAIL2BAN=1 \
-h mail.my-domain.com -t $(NAME)
# Wait for containers to fully start # Wait for containers to fully start
sleep 60 sleep 60
@ -55,4 +61,4 @@ clean:
# Get default files back # Get default files back
git checkout postfix/accounts.cf postfix/main.cf postfix/virtual git checkout postfix/accounts.cf postfix/main.cf postfix/virtual
# Remove running test containers # Remove running test containers
docker rm -f mail mail_pop3 mail_smtponly docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban

5
README.md
View file

@ -96,10 +96,13 @@ Example:
* SA_TAG2 * SA_TAG2
* *6.31* (default) => add 'spam detected' headers at that level * *6.31* (default) => add 'spam detected' headers at that level
* SA_KILL * SA_KILL
* *6.31* (default) => triggers spam evasive actions) * *6.31* (default) => triggers spam evasive actions
* SASL_PASSWORD * SASL_PASSWORD
* *empty* (default) => No sasl_passwd will be created * *empty* (default) => No sasl_passwd will be created
* *string* => A /etc/postfix/sasl_passwd will be created with that content and postmap will be run on it * *string* => A /etc/postfix/sasl_passwd will be created with that content and postmap will be run on it
* ENABLE_FAIL2BAN
* *empty* (default) => fail2ban service disabled
* 1 => Enables fail2ban service
Please read [how the container starts](https://github.com/tomav/docker-mailserver/blob/master/start-mailserver.sh) to understand what's expected. Please read [how the container starts](https://github.com/tomav/docker-mailserver/blob/master/start-mailserver.sh) to understand what's expected.

6
start-mailserver.sh
View file

@ -275,7 +275,11 @@ fi
/etc/init.d/opendkim start /etc/init.d/opendkim start
/etc/init.d/opendmarc start /etc/init.d/opendmarc start
/etc/init.d/postfix start /etc/init.d/postfix start
/etc/init.d/fail2ban start
if [ "$ENABLE_FAIL2BAN" = 1 ]; then
echo "Starting fail2ban service"
/etc/init.d/fail2ban start
fi
echo "Listing SASL users" echo "Listing SASL users"
sasldblistusers2 sasldblistusers2

27
test/tests.bats
View file

@ -32,8 +32,13 @@
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }
@test "checking process: fail2ban" { @test "checking process: fail2ban (disabled in default configuration)" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'"
[ "$status" -eq 1 ]
}
@test "checking process: fail2ban (fail2ban server enabled)" {
run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }
@ -311,26 +316,26 @@
# #
@test "checking fail2ban: localhost is not banned" { @test "checking fail2ban: localhost is not banned" {
run docker exec mail /bin/sh -c "fail2ban-client status sasl | grep 'IP list:\s*127.0.0.1'" run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status sasl | grep 'IP list:.*127.0.0.1'"
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
} }
@test "checking fail2ban: ban ip on multiple failed login" { @test "checking fail2ban: ban ip on multiple failed login" {
docker exec mail fail2ban-client status sasl docker exec mail_fail2ban fail2ban-client status sasl
docker exec mail fail2ban-client set sasl delignoreip 127.0.0.1/8 docker exec mail_fail2ban fail2ban-client set sasl delignoreip 127.0.0.1/8
docker exec mail /bin/sh -c 'nc -w 1 0.0.0.0 25 < /tmp/test/auth/smtp-auth-login-wrong.txt' docker exec mail_fail2ban /bin/sh -c 'nc -w 1 0.0.0.0 25 < /tmp/test/auth/smtp-auth-login-wrong.txt'
docker exec mail /bin/sh -c 'nc -w 1 0.0.0.0 25 < /tmp/test/auth/smtp-auth-login-wrong.txt' docker exec mail_fail2ban /bin/sh -c 'nc -w 1 0.0.0.0 25 < /tmp/test/auth/smtp-auth-login-wrong.txt'
docker exec mail /bin/sh -c 'nc -w 1 0.0.0.0 25 < /tmp/test/auth/smtp-auth-login-wrong.txt' docker exec mail_fail2ban /bin/sh -c 'nc -w 1 0.0.0.0 25 < /tmp/test/auth/smtp-auth-login-wrong.txt'
sleep 5 sleep 5
run docker exec mail /bin/sh -c "fail2ban-client status sasl | grep 'IP list:\s*127.0.0.1'" run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status sasl | grep 'IP list:.*127.0.0.1'"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }
@test "checking fail2ban: unban ip works" { @test "checking fail2ban: unban ip works" {
docker exec mail fail2ban-client set sasl addignoreip 127.0.0.1/8 docker exec mail_fail2ban fail2ban-client set sasl addignoreip 127.0.0.1/8
docker exec mail fail2ban-client set sasl unbanip 127.0.0.1 docker exec mail_fail2ban fail2ban-client set sasl unbanip 127.0.0.1
sleep 5 sleep 5
run docker exec mail /bin/sh -c "fail2ban-client status sasl | grep 'IP list:\s*127.0.0.1'" run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status sasl | grep 'IP list:.*127.0.0.1'"
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
} }