From b6f26c0f1eada856452a101417d5b6aacdcebdb7 Mon Sep 17 00:00:00 2001
From: anoma <AlanNomander@gmail.com>
Date: Mon, 6 Jul 2015 13:42:41 +0100
Subject: [PATCH 1/2] Revert to defaults FAIL2BAN findtime and maxretry

Reverts the remaining FAIL2BAN settings to default: findtime 600 and maxretry 3. As jail settings override default settings this was hardly being used anyway so it is better to explicitly set it per jail as and when required.
---
 conf/fail2ban/jail.local | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/conf/fail2ban/jail.local b/conf/fail2ban/jail.local
index 48a30fa9..a338e07b 100644
--- a/conf/fail2ban/jail.local
+++ b/conf/fail2ban/jail.local
@@ -1,11 +1,5 @@
 # Fail2Ban configuration file for Mail-in-a-Box
 
-[DEFAULT]
-
-# This should ban dumb brute-force attacks, not oblivious users.
-findtime = 30
-maxretry = 20
-
 # JAILS
 
 [ssh-ddos]

From e591d9082ffe710829dfdf6cc2a45d505044cb0d Mon Sep 17 00:00:00 2001
From: anoma <AlanNomander@gmail.com>
Date: Mon, 6 Jul 2015 13:44:53 +0100
Subject: [PATCH 2/2] Ultra safe dovecot findtime and maxretry settings

Explicitly set the timings and counts for the dovecot jail rather than change the global [DEFAULT] and inherit it for this one jail. These settings are far too safe so a future PR should increase security here.
---
 conf/fail2ban/jail.local | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/conf/fail2ban/jail.local b/conf/fail2ban/jail.local
index a338e07b..9ecb2095 100644
--- a/conf/fail2ban/jail.local
+++ b/conf/fail2ban/jail.local
@@ -11,3 +11,5 @@ enabled  = true
 [dovecot]
 enabled = true
 filter  = dovecotimap
+findtime = 30
+maxretry = 20