mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
config-examples: update fail2ban config examples with current DMS default values (#3258)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
This commit is contained in:
parent
c8dfb9ac76
commit
95c812346d
|
@ -5,11 +5,11 @@
|
|||
# Changes: in most of the cases you should not modify this
|
||||
# file, but provide customizations in fail2ban.local file, e.g.:
|
||||
#
|
||||
# [Definition]
|
||||
# [DEFAULT]
|
||||
# loglevel = DEBUG
|
||||
#
|
||||
|
||||
[Definition]
|
||||
[DEFAULT]
|
||||
|
||||
# Option: loglevel
|
||||
# Notes.: Set the log level output.
|
||||
|
@ -19,26 +19,26 @@
|
|||
# NOTICE
|
||||
# INFO
|
||||
# DEBUG
|
||||
# Values: [ LEVEL ] Default: ERROR
|
||||
# Values: [ LEVEL ] Default: INFO
|
||||
#
|
||||
#loglevel = INFO
|
||||
loglevel = INFO
|
||||
|
||||
# Option: logtarget
|
||||
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
|
||||
# Notes.: Set the log target. This could be a file, SYSTEMD-JOURNAL, SYSLOG, STDERR or STDOUT.
|
||||
# Only one log target can be specified.
|
||||
# If you change logtarget from the default value and you are
|
||||
# using logrotate -- also adjust or disable rotation in the
|
||||
# corresponding configuration file
|
||||
# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
|
||||
# Values: [ STDOUT | STDERR | SYSLOG | SYSOUT | FILE ] Default: STDERR
|
||||
# Values: [ STDOUT | STDERR | SYSLOG | SYSOUT | SYSTEMD-JOURNAL | FILE ] Default: STDERR
|
||||
#
|
||||
#logtarget = /var/log/fail2ban.log
|
||||
logtarget = /var/log/fail2ban.log
|
||||
|
||||
# Option: syslogsocket
|
||||
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
|
||||
# auto uses platform.system() to determine predefined paths
|
||||
# Values: [ auto | FILE ] Default: auto
|
||||
#syslogsocket = auto
|
||||
syslogsocket = auto
|
||||
|
||||
# Option: socket
|
||||
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
|
||||
|
@ -46,14 +46,20 @@
|
|||
# communicate with the server afterwards.
|
||||
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
|
||||
#
|
||||
#socket = /var/run/fail2ban/fail2ban.sock
|
||||
socket = /var/run/fail2ban/fail2ban.sock
|
||||
|
||||
# Option: pidfile
|
||||
# Notes.: Set the PID file. This is used to store the process ID of the
|
||||
# fail2ban server.
|
||||
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
|
||||
#
|
||||
#pidfile = /var/run/fail2ban/fail2ban.pid
|
||||
pidfile = /var/run/fail2ban/fail2ban.pid
|
||||
|
||||
# Option: allowipv6
|
||||
# Notes.: Allows IPv6 interface:
|
||||
# Default: auto
|
||||
# Values: [ auto yes (on, true, 1) no (off, false, 0) ] Default: auto
|
||||
#allowipv6 = auto
|
||||
|
||||
# Options: dbfile
|
||||
# Notes.: Set the file for the fail2ban persistent data to be stored.
|
||||
|
@ -61,9 +67,26 @@
|
|||
# and data is lost when fail2ban is stopped.
|
||||
# A value of "None" disables the database.
|
||||
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
|
||||
#dbfile = /var/lib/fail2ban/fail2ban.sqlite3
|
||||
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
|
||||
|
||||
# Options: dbpurgeage
|
||||
# Notes.: Sets age at which bans should be purged from the database
|
||||
# Values: [ SECONDS ] Default: 86400 (24hours)
|
||||
#dbpurgeage = 1d
|
||||
dbpurgeage = 1d
|
||||
|
||||
# Options: dbmaxmatches
|
||||
# Notes.: Number of matches stored in database per ticket (resolvable via
|
||||
# tags <ipmatches>/<ipjailmatches> in actions)
|
||||
# Values: [ INT ] Default: 10
|
||||
dbmaxmatches = 10
|
||||
|
||||
[Definition]
|
||||
|
||||
|
||||
[Thread]
|
||||
|
||||
# Options: stacksize
|
||||
# Notes.: Specifies the stack size (in KiB) to be used for subsequently created threads,
|
||||
# and must be 0 or a positive integer value of at least 32.
|
||||
# Values: [ SIZE ] Default: 0 (use platform or configured default)
|
||||
#stacksize = 0
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
[DEFAULT]
|
||||
|
||||
# "bantime" is the number of seconds that a host is banned.
|
||||
bantime = 3h
|
||||
bantime = 1w
|
||||
|
||||
# A host is banned if it has generated "maxretry" during the last "findtime"
|
||||
# seconds.
|
||||
findtime = 10m
|
||||
findtime = 1w
|
||||
|
||||
# "maxretry" is the number of failures before a host get banned.
|
||||
maxretry = 3
|
||||
maxretry = 2
|
||||
|
||||
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
|
||||
# will not ban a host which matches an address in this list. Several addresses
|
||||
|
@ -25,9 +25,15 @@ enabled = true
|
|||
|
||||
[postfix]
|
||||
enabled = true
|
||||
# See https://github.com/fail2ban/fail2ban/blob/27294c4b9ee5d5568a1d5f83af744ea39d5a1acb/config/filter.d/postfix.conf#L58
|
||||
# `mode=aggressive` basically combines more filters to match more lines, and hence, apply rules
|
||||
# more aggressively. The same goes for the `postfix-sasl` jail.
|
||||
mode = aggressive
|
||||
|
||||
|
||||
[postfix-sasl]
|
||||
enabled = true
|
||||
mode = aggressive
|
||||
|
||||
# This jail is used for manual bans.
|
||||
# To ban an IP address use: setup.sh fail2ban ban <IP>
|
||||
|
|
Loading…
Reference in a new issue