config-examples: update fail2ban config examples with current DMS default values (#3258)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
parent
c8dfb9ac76
commit
95c812346d
|
@ -5,11 +5,11 @@
|
||||||
# Changes: in most of the cases you should not modify this
|
# Changes: in most of the cases you should not modify this
|
||||||
# file, but provide customizations in fail2ban.local file, e.g.:
|
# file, but provide customizations in fail2ban.local file, e.g.:
|
||||||
#
|
#
|
||||||
# [Definition]
|
# [DEFAULT]
|
||||||
# loglevel = DEBUG
|
# loglevel = DEBUG
|
||||||
#
|
#
|
||||||
|
|
||||||
[Definition]
|
[DEFAULT]
|
||||||
|
|
||||||
# Option: loglevel
|
# Option: loglevel
|
||||||
# Notes.: Set the log level output.
|
# Notes.: Set the log level output.
|
||||||
|
@ -19,26 +19,26 @@
|
||||||
# NOTICE
|
# NOTICE
|
||||||
# INFO
|
# INFO
|
||||||
# DEBUG
|
# DEBUG
|
||||||
# Values: [ LEVEL ] Default: ERROR
|
# Values: [ LEVEL ] Default: INFO
|
||||||
#
|
#
|
||||||
#loglevel = INFO
|
loglevel = INFO
|
||||||
|
|
||||||
# Option: logtarget
|
# Option: logtarget
|
||||||
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
|
# Notes.: Set the log target. This could be a file, SYSTEMD-JOURNAL, SYSLOG, STDERR or STDOUT.
|
||||||
# Only one log target can be specified.
|
# Only one log target can be specified.
|
||||||
# If you change logtarget from the default value and you are
|
# If you change logtarget from the default value and you are
|
||||||
# using logrotate -- also adjust or disable rotation in the
|
# using logrotate -- also adjust or disable rotation in the
|
||||||
# corresponding configuration file
|
# corresponding configuration file
|
||||||
# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
|
# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
|
||||||
# Values: [ STDOUT | STDERR | SYSLOG | SYSOUT | FILE ] Default: STDERR
|
# Values: [ STDOUT | STDERR | SYSLOG | SYSOUT | SYSTEMD-JOURNAL | FILE ] Default: STDERR
|
||||||
#
|
#
|
||||||
#logtarget = /var/log/fail2ban.log
|
logtarget = /var/log/fail2ban.log
|
||||||
|
|
||||||
# Option: syslogsocket
|
# Option: syslogsocket
|
||||||
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
|
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
|
||||||
# auto uses platform.system() to determine predefined paths
|
# auto uses platform.system() to determine predefined paths
|
||||||
# Values: [ auto | FILE ] Default: auto
|
# Values: [ auto | FILE ] Default: auto
|
||||||
#syslogsocket = auto
|
syslogsocket = auto
|
||||||
|
|
||||||
# Option: socket
|
# Option: socket
|
||||||
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
|
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
|
||||||
|
@ -46,14 +46,20 @@
|
||||||
# communicate with the server afterwards.
|
# communicate with the server afterwards.
|
||||||
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
|
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
|
||||||
#
|
#
|
||||||
#socket = /var/run/fail2ban/fail2ban.sock
|
socket = /var/run/fail2ban/fail2ban.sock
|
||||||
|
|
||||||
# Option: pidfile
|
# Option: pidfile
|
||||||
# Notes.: Set the PID file. This is used to store the process ID of the
|
# Notes.: Set the PID file. This is used to store the process ID of the
|
||||||
# fail2ban server.
|
# fail2ban server.
|
||||||
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
|
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
|
||||||
#
|
#
|
||||||
#pidfile = /var/run/fail2ban/fail2ban.pid
|
pidfile = /var/run/fail2ban/fail2ban.pid
|
||||||
|
|
||||||
|
# Option: allowipv6
|
||||||
|
# Notes.: Allows IPv6 interface:
|
||||||
|
# Default: auto
|
||||||
|
# Values: [ auto yes (on, true, 1) no (off, false, 0) ] Default: auto
|
||||||
|
#allowipv6 = auto
|
||||||
|
|
||||||
# Options: dbfile
|
# Options: dbfile
|
||||||
# Notes.: Set the file for the fail2ban persistent data to be stored.
|
# Notes.: Set the file for the fail2ban persistent data to be stored.
|
||||||
|
@ -61,9 +67,26 @@
|
||||||
# and data is lost when fail2ban is stopped.
|
# and data is lost when fail2ban is stopped.
|
||||||
# A value of "None" disables the database.
|
# A value of "None" disables the database.
|
||||||
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
|
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
|
||||||
#dbfile = /var/lib/fail2ban/fail2ban.sqlite3
|
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
|
||||||
|
|
||||||
# Options: dbpurgeage
|
# Options: dbpurgeage
|
||||||
# Notes.: Sets age at which bans should be purged from the database
|
# Notes.: Sets age at which bans should be purged from the database
|
||||||
# Values: [ SECONDS ] Default: 86400 (24hours)
|
# Values: [ SECONDS ] Default: 86400 (24hours)
|
||||||
#dbpurgeage = 1d
|
dbpurgeage = 1d
|
||||||
|
|
||||||
|
# Options: dbmaxmatches
|
||||||
|
# Notes.: Number of matches stored in database per ticket (resolvable via
|
||||||
|
# tags <ipmatches>/<ipjailmatches> in actions)
|
||||||
|
# Values: [ INT ] Default: 10
|
||||||
|
dbmaxmatches = 10
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
|
||||||
|
[Thread]
|
||||||
|
|
||||||
|
# Options: stacksize
|
||||||
|
# Notes.: Specifies the stack size (in KiB) to be used for subsequently created threads,
|
||||||
|
# and must be 0 or a positive integer value of at least 32.
|
||||||
|
# Values: [ SIZE ] Default: 0 (use platform or configured default)
|
||||||
|
#stacksize = 0
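Review bot: `dbpurgeage = 1d` in the last hunk of this file is now an active setting on what appears to be the new side, while the jail example changed in the same commit sets `bantime = 1w`, so ban records are kept for less time than a ban lasts. As far as I can tell fail2ban purges ban records by age, so a restart after the first day may not restore a ban that still has days to run; confirm this against the fail2ban version DMS ships. If it holds, either raise the value to cover the ban time (for example `dbpurgeage = 1w`) or add a comment above it such as `# Keep this at least as long as the longest bantime, or bans may not survive a restart.`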
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
|
|
||||||
# "bantime" is the number of seconds that a host is banned.
|
# "bantime" is the number of seconds that a host is banned.
|
||||||
bantime = 3h
|
bantime = 1w
|
||||||
|
|
||||||
# A host is banned if it has generated "maxretry" during the last "findtime"
|
# A host is banned if it has generated "maxretry" during the last "findtime"
|
||||||
# seconds.
|
# seconds.
|
||||||
findtime = 10m
|
findtime = 1w
|
||||||
|
|
||||||
# "maxretry" is the number of failures before a host get banned.
|
# "maxretry" is the number of failures before a host get banned.
|
||||||
maxretry = 3
|
maxretry = 2
|
||||||
|
|
||||||
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
|
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
|
||||||
# will not ban a host which matches an address in this list. Several addresses
|
# will not ban a host which matches an address in this list. Several addresses
|
||||||
|
@ -25,9 +25,15 @@ enabled = true
|
||||||
|
|
||||||
[postfix]
|
[postfix]
|
||||||
enabled = true
|
enabled = true
|
||||||
|
# See https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58
|
||||||
|
# `mode=aggressive` basically combines more filters to match more lines, and hence, apply rules
|
||||||
|
# more aggressively. The same goes for the `postfix-sasl` jail.
|
||||||
|
mode = aggressive
|
||||||
|
|
||||||
|
|
||||||
[postfix-sasl]
|
[postfix-sasl]
|
||||||
enabled = true
|
enabled = true
|
||||||
|
mode = aggressive
|
||||||
|
|
||||||
# This jail is used for manual bans.
|
# This jail is used for manual bans.
|
||||||
# To ban an IP address use: setup.sh fail2ban ban <IP>
|
# To ban an IP address use: setup.sh fail2ban ban <IP>
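Review bot: The new `[DEFAULT]` values in the first hunk (`bantime = 1w`, `findtime = 1w`, `maxretry = 2`) sit under comments that still describe these settings in seconds and say nothing about how strict the combination is. Two failures within a week now lead to a one-week ban, and with `mode = aggressive` added to `postfix` and `postfix-sasl` in the second hunk more log lines count as failures, so a mail client with a stale password or several users behind one NAT address can be locked out. I would add a comment such as `# Two failures within findtime trigger a one-week ban; list trusted networks in ignoreip.` and reword the `bantime` comment to `# "bantime" is how long a host is banned (seconds, or a suffix such as 1w).` The `ignoreip` comment block continues outside the hunk.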
|
||||||
|
|