From 7368b4caea442dc9245aa7c78a759144787d7875 Mon Sep 17 00:00:00 2001
From: "github@kiekerjan.isdronken.nl" <github@kiekerjan.isdronken.nl>
Date: Wed, 28 Apr 2021 15:57:52 +0200
Subject: [PATCH] simplify fail2ban configuration

---
 conf/fail2ban/filter.d/postfix-spamhaus.conf | 11 -----------
 conf/fail2ban/jails.conf                     | 13 ++++---------
 2 files changed, 4 insertions(+), 20 deletions(-)
 delete mode 100644 conf/fail2ban/filter.d/postfix-spamhaus.conf

diff --git a/conf/fail2ban/filter.d/postfix-spamhaus.conf b/conf/fail2ban/filter.d/postfix-spamhaus.conf
deleted file mode 100644
index 40ccaf3d..00000000
--- a/conf/fail2ban/filter.d/postfix-spamhaus.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Fail2Ban filter based on spamhaus entries
-
-[INCLUDES]
-
-before = common.conf
-
-[Definition]
-
-failregex = .*?box postfix/smtpd.*?NOQUEUE: reject: RCPT from.*?\[<HOST>\]: 554 5\.7\.1 Service unavailable.*?zen\.spamhaus\.org.*$
-
-ignoreregex =
diff --git a/conf/fail2ban/jails.conf b/conf/fail2ban/jails.conf
index 56be14a4..1c100c3b 100644
--- a/conf/fail2ban/jails.conf
+++ b/conf/fail2ban/jails.conf
@@ -81,17 +81,12 @@ findtime = 7d
 [postfix]
 enabled  = true
 
+# postfix rbl also found by postfix jail, but postfix-rbl is more aggressive (maxretry = 1)
+[postfix-rbl]
+enabled  = true
+
 [sshd]
 enabled = true
 maxretry = 4
 bantime = 3600
 mode = aggressive
-
-[postfix-spamhaus]
-port     = smtp,465,submission
-filter   = postfix-spamhaus
-logpath  = /var/log/mail.log
-maxretry = 2
-findtime = 120m
-bantime  = 1d
-enabled  = true