fail2ban handling integrated in setup.sh (#797)

* fail2ban handling integrated in setup.sh

- calling \"./setup debug fail2ban\" lists all iptables chains with blocked IPs (like: Banned in dovecot: 91.200.12.164
										       Banned in postfix-sasl: 91.200.12.164)
- calling \"./setup debug fail2ban unban xxx.xxx.xxx.xxx [yyy.yyy.yyy.yyy ...]\" unbans/removes those IPs from all jails.
- calling \"./setup debug fail2ban unban\" (without an IP) gives a descriptive error: (You need to specify an IP address. Run "./setup.sh debug fail2ban" to get a list of banned IP addresses.)

* disable_vrfy_command: (#798)

Prevents Spammers from collecting existing mail-addresses by probing the mailserver for them.

* Added support for Dovecot and Postfix LDAP TLS (#800)

* Allow setup of LDAP STARTTLS for Dovecot and Postfix

* Added tests for TLS config override

* Add missing Postfix TLS options

* Added missing new line at the end of the file

* Added STARTTLS tests for Postfix config

* tests added
and made the script output look more shiny.

* setup.sh enhancements
17Halbe 2018-01-31 22:25:29 +01:00 committed by Johan Smits
parent d270fcdd40
commit c2f4220016
2 changed files with 56 additions and 0 deletions


@ -60,6 +60,7 @@ SUBCOMMANDS:
debug: debug:
$0 debug fetchmail $0 debug fetchmail
$0 debug fail2ban <unban> <ip-address>
$0 debug show-mail-logs $0 debug show-mail-logs
$0 debug inspect $0 debug inspect
$0 debug login <commands> $0 debug login <commands>
@ -180,6 +181,46 @@ case $1 in
fetchmail) fetchmail)
_docker_image debug-fetchmail _docker_image debug-fetchmail
;; ;;
fail2ban)
shift
JAILS=$(_docker_container fail2ban-client status | grep "Jail list" | cut -f2- | sed 's/,//g')
if [ -z "$1" ]; then
IP_COUNT=0
for JAIL in $JAILS; do
BANNED_IP=$(_docker_container iptables -L f2b-$JAIL -n | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '0.0.0.0')
if [ -n "$BANNED_IP" ]; then
BANNED_IP=$(echo $BANNED_IP | sed -e 's/\n/,/g')
echo "Banned in $JAIL: $BANNED_IP"
IP_COUNT=$((IP_COUNT+1))
fi
done
if [ "$IP_COUNT" -eq 0 ]; then
echo "No IPs have been banned"
fi
else
case $1 in
unban)
shift
if [ -n "$1" ]; then
for JAIL in $JAILS; do
RESULT=`_docker_container fail2ban-client set $JAIL unbanip $@`
case "$RESULT" in
*"is not banned"*) ;;
*"NOK"*) ;;
*) echo -n "unbanned IP from $JAIL: "
echo "$RESULT";;
esac
done
else
echo "You need to specify an IP address. Run \"./setup.sh debug fail2ban\" to get a list of banned IP addresses."
fi
;;
*)
_usage
;;
esac
fi
;;
show-mail-logs) show-mail-logs)
_docker_container cat /var/log/mail/mail.log _docker_container cat /var/log/mail/mail.log
;; ;;
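Review bot: The unban branch passes `$@` unquoted and unvalidated to `fail2ban-client set $JAIL unbanip` and then discards any reply containing `NOK`, so a mistyped or malformed address produces no output at all and the operator cannot tell that the address is still banned. I would check each argument against an IPv4 pattern before the jail loop, pass the addresses one at a time and quoted, and report when no jail held the address. Separately, in the listing branch `sed -e 's/\n/,/g'` never matches because sed reads line by line (the unquoted `echo` is what joins the addresses), and reading `iptables -L f2b-$JAIL` with an IPv4-only regex will presumably miss IPv6 bans and jails whose action does not create an `f2b-` chain; `fail2ban-client status "$JAIL"` reports the banned list directly. `_docker_container` is defined outside this hunk, so how it forwards arguments to the container is not visible here.

```shell
unban)
  shift
  if [ -n "$1" ]; then
    for IP in "$@"; do
      # reject anything that is not a dotted quad before it reaches the container
      if ! printf '%s\n' "$IP" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "Not a valid IPv4 address: $IP" >&2
        continue
      fi
      UNBANNED=0
      for JAIL in $JAILS; do
        RESULT=$(_docker_container fail2ban-client set "$JAIL" unbanip "$IP")
        case "$RESULT" in
          *"is not banned"*|*"NOK"*) ;;
          *) echo "unbanned IP from $JAIL: $RESULT"; UNBANNED=1 ;;
        esac
      done
      # make a no-op visible instead of exiting silently
      [ "$UNBANNED" -eq 1 ] || echo "$IP was not banned in any jail" >&2
    done
  # … unchanged: else branch printing "You need to specify an IP address…" …
  fi
  ;;
```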


@ -1131,6 +1131,21 @@ load 'test_helper/bats-assert/load'
run ./setup.sh -c mail debug login ls run ./setup.sh -c mail debug login ls
assert_success assert_success
} }
@test "checking setup.sh: setup.sh debug fail2ban" {
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.4"
run docker exec mail_fail2ban /bin/sh -c "fail2ban-client set dovecot banip 192.0.66.5"
sleep 10
run ./setup.sh -c mail_fail2ban debug fail2ban
assert_output "Banned in dovecot: 192.0.66.5 192.0.66.4"
run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.4
assert_output --partial "unbanned IP from dovecot: 192.0.66.4"
run ./setup.sh -c mail_fail2ban debug fail2ban
assert_output "Banned in dovecot: 192.0.66.5"
run ./setup.sh -c mail_fail2ban debug fail2ban unban 192.0.66.5
run ./setup.sh -c mail_fail2ban debug fail2ban unban
assert_output --partial "You need to specify an IP address. Run"
}
# #
# LDAP # LDAP
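Review bot: The two `banip` calls and the final `unban 192.0.66.5` run without any assertion, so a failed ban only surfaces later as a confusing output mismatch and a failed final unban is not detected at all, which would leave 192.0.66.5 banned in the `mail_fail2ban` container for whatever runs next. Adding `assert_success` after each `banip` and `assert_output --partial "unbanned IP from dovecot: 192.0.66.5"` after the last unban would pin both. The exact-match `assert_output "Banned in dovecot: 192.0.66.5 192.0.66.4"` also depends on the order in which iptables lists the rules and on the fixed `sleep 10`; one `--partial` assertion per address would be less brittle. A negative case that passes a malformed address to `unban` would document how the command treats bad input.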