diff --git a/conf/fail2ban/jails.conf b/conf/fail2ban/jails.conf
index 6c6fee32..952dc35a 100644
--- a/conf/fail2ban/jails.conf
+++ b/conf/fail2ban/jails.conf
@@ -69,13 +69,10 @@ action = iptables-allports[name=recidive]
 # So the notification is ommited. This will prevent message appearing in the mail.log that mail
 # can't be delivered to fail2ban@$HOSTNAME.
 
-[sasl]
+[postfix-sasl]
 enabled = true
 
-[ssh]
+[sshd]
 enabled = true
 maxretry = 7
 bantime = 3600
-
-[ssh-ddos]
-enabled = true
diff --git a/setup/system.sh b/setup/system.sh
index 2fecac8e..380898aa 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -332,6 +332,7 @@ systemctl restart systemd-resolved
 
 # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix, ssh, etc.
 rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore
+rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config
 cat conf/fail2ban/jails.conf \
 | sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
 | sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
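Review bot: Removing `[ssh-ddos]` without giving `[sshd]` a filter mode may drop detection of SSH connections that are closed before authentication. In fail2ban releases that use the `sshd` and `postfix-sasl` jail names, the former ddos patterns sit behind the sshd filter's `mode` option, and the default mode appears not to include them; this is worth confirming against the packaged `filter.d/sshd.conf`. If that holds, add `filter = sshd[mode=aggressive]` under `[sshd]` (or `mode=ddos` for the narrower set), with a one-line comment explaining why the separate jail was dropped.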
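Review bot: The added `rm -f /etc/fail2ban/jail.d/defaults-debian.conf` deletes the distribution drop-in before the `cat … | sed` pipeline below has written the replacement config, so a failure in between leaves only the jails that the stock `jail.conf` enables by itself. On Debian-family packages that drop-in is normally what turns the sshd jail on, so consider moving the removal after the new file is in place. At minimum, record the dependency in a comment above the line, e.g. `# defaults-debian.conf only enables [sshd]; conf/fail2ban/jails.conf enables it instead`. The pipeline continues past the end of the hunk, so where its output lands and when fail2ban is restarted are not visible here.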