mirror of
				https://github.com/mail-in-a-box/mailinabox.git
				synced 2025-10-26 18:10:54 +00:00 
			
		
		
		
	Merge remote-tracking branch 'upstream/master'
This commit is contained in:
		
						commit
						1d625d7649
					
				| @ -1,6 +1,13 @@ | |||||||
| CHANGELOG | CHANGELOG | ||||||
| ========= | ========= | ||||||
| 
 | 
 | ||||||
|  | In Development | ||||||
|  | -------------- | ||||||
|  | 
 | ||||||
|  | System: | ||||||
|  | 
 | ||||||
|  | * Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back. | ||||||
|  | 
 | ||||||
| v0.40 (January 12, 2019) | v0.40 (January 12, 2019) | ||||||
| ------------------------ | ------------------------ | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -3,5 +3,6 @@ | |||||||
| before = common.conf | before = common.conf | ||||||
| 
 | 
 | ||||||
| [Definition] | [Definition] | ||||||
|  | datepattern = %%Y-%%m-%%d %%H:%%M:%%S | ||||||
| failregex=Login failed: .*Remote IP: '<HOST>[\)'] | failregex=Login failed: .*Remote IP: '<HOST>[\)'] | ||||||
| ignoreregex = | ignoreregex = | ||||||
|  | |||||||
| @ -69,13 +69,10 @@ action   = iptables-allports[name=recidive] | |||||||
| # So the notification is ommited. This will prevent message appearing in the mail.log that mail | # So the notification is ommited. This will prevent message appearing in the mail.log that mail | ||||||
| # can't be delivered to fail2ban@$HOSTNAME. | # can't be delivered to fail2ban@$HOSTNAME. | ||||||
| 
 | 
 | ||||||
| [sasl] | [postfix-sasl] | ||||||
| enabled  = true | enabled  = true | ||||||
| 
 | 
 | ||||||
| [ssh] | [sshd] | ||||||
| enabled = true | enabled = true | ||||||
| maxretry = 7 | maxretry = 7 | ||||||
| bantime = 3600 | bantime = 3600 | ||||||
| 
 |  | ||||||
| [ssh-ddos] |  | ||||||
| enabled  = true |  | ||||||
|  | |||||||
| @ -339,6 +339,7 @@ systemctl restart systemd-resolved | |||||||
| 
 | 
 | ||||||
| # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix, ssh, etc. | # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix, ssh, etc. | ||||||
| rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore | rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore | ||||||
|  | rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config | ||||||
| cat conf/fail2ban/jails.conf \ | cat conf/fail2ban/jails.conf \ | ||||||
| 	| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \ | 	| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \ | ||||||
| 	| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \ | 	| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \ | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user