From b036b09eb1a6ffe1795014c0e7c80d9fa823adf2 Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Mon, 16 Aug 2021 12:12:20 +0200 Subject: [PATCH] update readme --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f3df0629..6c5b5199 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Functionality changes and additions This applies geoip filtering on acces to the admin panel of the box. Order of filtering: block continents that are not allowed, block countries that are not allowed, allow countries that are allowed (overriding continent filtering). Edit /etc/nginx/conf.d/10-geoblock.conf to configure. * Add geoipblocking for ssh access This applies geoip filtering for access to the ssh server. Edit /etc/geoiplookup.conf. All countries defined in this file are allowed. Works for alternate ssh ports. -* Make fail2ban a more strict +* Make fail2ban more strict enable postfix filters, lengthen bantime and findtime * Add fail2ban jails for both above mentioned geoipblocking filters * Add fail2ban filters for web scanners and badbots @@ -25,6 +25,8 @@ Functionality changes and additions To be used before for example when changing IP addresses. Shortening TTL values will propagate changes faster. For reference, default TTL is 1 day, short TTL is 5 minutes. To use, edit file /etc/forceshortdnsttl and add a line for each domain for which shorter TTLs should be used. To use short TTLs for all known domains, add "forceshortdnsttl" * Use the box as a Hidden Master in the DNS system Thus only the secondary DNS servers are used as public DNS servers. When using a hidden master, no glue records are necessary at your domain hoster. To use, first setup secondary DNS servers via the Custom DNS administration page. At least two secondary servers should be set. When that functions, edit file /etc/usehiddenmasterdns and add a line for each domain for which Hidden Master should be used. To use Hidden Master for all known domains, add "usehiddenmasterdns". +* Daily ip blacklist check + Using check-dnsbl.py from https://github.com/gsauthof/utilit Bug fixes * Munin routes are ignored for Multi Factor Authentication [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1865) @@ -40,8 +42,10 @@ Maintenance (personal) * Remove nextcloud skeleton to save disk space Fun -* Add option to define ADMIN_IP_ADDRESS (currently only used to ignore fail2ban jails) -* Add dynamic dns tools in the tools directory. +* Add option to define ADMIN_IP_ADDRESS + Currently only used to ignore fail2ban jails +* Add dynamic dns tools in the tools directory + Can be used to control DNS entries on the mail-in-a-box to point to a machine with a non-fixed (e.g. residential) ip address Original mailinabox content starts here: