mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
fail2ban handling integrated in setup.sh (#797)
* fail2ban handling integrated in setup.sh - calling "./setup debug fail2ban" lists all iptables chains with blocked IPs (like: Banned in dovecot: 91.200.12.164 Banned in postfix-sasl: 91.200.12.164) - calling "./setup debug fail2ban unban xxx.xxx.xxx.xxx [yyy.yyy.yyy.yyy ...]" unbans/removes those IPs from all jails. - calling "./setup debug fail2ban unban" (without an IP) gives a descriptive error: (You need to specify an IP address. Run "./setup.sh debug fail2ban" to get a list of banned IP addresses.) * disable_vrfy_command: (#798) Prevents Spammers from collecting existing mail-addresses by probing the mailserver for them. * Added support for Dovecot and Postfix LDAP TLS (#800) * Allow setup of LDAP STARTTLS for Dovecot and Postfix * Added tests for TLS config override * Add missing Postfix TLS options * Added missing new line at the end of the file * Added STARTTLS tests for Postfix config * tests added and made the script output look more shiny. * setup.sh enhancements
parent
d270fcdd40
commit
c2f4220016
41
setup.sh
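--- a/setup.sh
+++ b/setup.sh
@@ -60,6 +60,7 @@ SUBCOMMANDS:
 debug:
 
 $0 debug fetchmail
+$0 debug fail2ban <unban> <ip-address>
 $0 debug show-mail-logs
 $0 debug inspect
 $0 debug login <commands>
@@ -180,6 +181,46 @@ case $1 in
 fetchmail)
 _docker_image debug-fetchmail
 ;;
+fail2ban)
+shift
+JAILS=$(_docker_container fail2ban-client status | grep "Jail list" | cut -f2- | sed 's/,//g')
+if [ -z "$1" ]; then
+IP_COUNT=0
+for JAIL in $JAILS; do
+BANNED_IP=$(_docker_container iptables -L f2b-$JAIL -n | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '0.0.0.0')
+if [ -n "$BANNED_IP" ]; then
+BANNED_IP=$(echo $BANNED_IP | sed -e 's/\n/,/g')
+echo "Banned in $JAIL: $BANNED_IP"
+IP_COUNT=$((IP_COUNT+1))
+fi
+done
+if [ "$IP_COUNT" -eq 0 ]; then
+echo "No IPs have been banned"
+fi
+else
+case $1 in
+unban)
+shift
+if [ -n "$1" ]; then
+for JAIL in $JAILS; do
+RESULT=`_docker_container fail2ban-client set $JAIL unbanip $@`
+case "$RESULT" in
+*"is not banned"*) ;;
+*"NOK"*) ;;
+*) echo -n "unbanned IP from $JAIL: "
+echo "$RESULT";;
+esac
+done
+else
+echo "You need to specify an IP address. Run \"./setup.sh debug fail2ban\" to get a list of banned IP addresses."
+fi
+;;
+*)
+_usage
+;;
+esac
+fi
+;;
 show-mail-logs)
 _docker_container cat /var/log/mail/mail.log
 ;;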
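Review bot: In the `unban)` arm, whatever follows `unban` on the command line is handed to `fail2ban-client` in the container through an unquoted `$@` (and an unquoted `$JAIL`), with no check that each argument looks like an address. `_docker_container` is defined outside this hunk, so it is not visible whether the words pass through a shell inside the container; either way they should be checked and quoted before they leave the script. The `*"NOK"*) ;;` arm also discards every error reply, so a mistyped address produces no output at all and the operator cannot tell that nothing was unbanned. The character filter below is a coarse gate rather than full address validation, and the enclosing `case $1 in` starts and ends outside the hunk.

```shell
if [ -n "$1" ]; then
  # Reject anything that cannot be an IPv4/IPv6 literal before it reaches the container.
  for IP in "$@"; do
    case "$IP" in
      ''|*[!0-9A-Fa-f.:]*)
        echo "Not an IP address: $IP" >&2
        exit 1
        ;;
    esac
  done
  for JAIL in $JAILS; do
    RESULT=$(_docker_container fail2ban-client set "$JAIL" unbanip "$@")
    case "$RESULT" in
      *"is not banned"*) ;;
      *"NOK"*) echo "unban failed in $JAIL: $RESULT" >&2 ;;
      # … unchanged: success arm printing "unbanned IP from $JAIL" …
    esac
  done
# … unchanged: else branch with the "You need to specify an IP address" message …
```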
|
@ -1131,6 +1131,21 @@ load 'test_helper/bats-assert/load'
|
||||||
run ./setup.sh -c mail debug login ls
|
run ./setup.sh -c mail debug login ls
|
||||||
assert_success
|
assert_success
|
||||||
}
|
}
|
||||||
|
@test "checking setup.sh: setup.sh debug fail2ban" {
|
||||||
|
|
||||||
|
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.4"
|
||||||
|
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.5"
|
||||||
|
sleep 10
|
||||||
|
run ./setup.sh -c mail_fail2ban debug fail2ban
|
||||||
|
assert_output "Banned in dovecot: 192.0.66.5 192.0.66.4"
|
||||||
|
run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.4
|
||||||
|
assert_output --partial "unbanned IP from dovecot: 192.0.66.4"
|
||||||
|
run ./setup.sh -c mail_fail2ban debug fail2ban
|
||||||
|
assert_output "Banned in dovecot: 192.0.66.5"
|
||||||
|
run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.5
|
||||||
|
run ./setup.sh -c mail_fail2ban debug fail2ban unban
|
||||||
|
assert_output --partial "You need to specify an IP address. Run"
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# LDAP
|
# LDAP
|
||||||
|
|
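Review bot: The exact-match `assert_output "Banned in dovecot: 192.0.66.5 192.0.66.4"` ties the test to the order in which iptables happens to list the two rules, and the fixed `sleep 10` before it only guesses how long the bans take to appear. Two checks, `assert_output --partial "192.0.66.4"` and `assert_output --partial "192.0.66.5"`, would verify the same listing without the ordering assumption. The `unban 192.0.66.5` call near the end has no assertion after it, and nothing exercises a non-address argument to `unban`, which is the case where the new code currently stays silent. The file header for this hunk is not shown on the page, so the test file's path is not known from here.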