From 7e7c34a256bbdb37e890f284e68297b5be1e6b33 Mon Sep 17 00:00:00 2001 From: Dominik Winter Date: Fri, 12 Feb 2016 00:19:21 +0100 Subject: [PATCH] added fail2ban --- Dockerfile | 2 +- docker-compose.yml.dist | 1 + start-mailserver.sh | 17 +++++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bf4ab16d..4c893e81 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ RUN apt-get -y upgrade RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \ courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \ pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \ - opendkim opendkim-tools opendmarc curl + opendkim opendkim-tools opendmarc curl fail2ban RUN apt-get autoclean && rm -rf /var/lib/apt/lists/* # Configures Saslauthd diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist index 69501fc4..15e07908 100644 --- a/docker-compose.yml.dist +++ b/docker-compose.yml.dist @@ -2,6 +2,7 @@ mail: image: tvial/docker-mailserver hostname: mail domainname: domain.com + privileged: true ports: - "25:25" - "143:143" diff --git a/start-mailserver.sh b/start-mailserver.sh index 050b9e06..f52cd5cb 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh @@ -188,6 +188,22 @@ echo "required_score 5" >> /etc/mail/spamassassin/local.cf echo "rewrite_header Subject ***SPAM***" >> /etc/mail/spamassassin/local.cf cp /tmp/spamassassin/rules.cf /etc/spamassassin/ + +echo "Configuring fail2ban" +# enable filters +perl -i -0pe 's/(\[postfix\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf +perl -i -0pe 's/(\[couriersmtp\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf +perl -i -0pe 's/(\[courierauth\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf +perl -i -0pe 's/(\[sasl\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf + +# increase ban time and find time to 3h +sed -i "/^bantime *=/c\bantime = 10800" /etc/fail2ban/jail.conf +sed -i "/^findtime *=/c\findtime = 10800" /etc/fail2ban/jail.conf + +# avoid warning on startup +echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf + + echo "Starting daemons" cron /etc/init.d/rsyslog start @@ -208,6 +224,7 @@ fi /etc/init.d/opendkim start /etc/init.d/opendmarc start /etc/init.d/postfix start +/etc/init.d/fail2ban start echo "Listing SASL users" sasldblistusers2