1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-24 07:37:04 +00:00

update readme

This commit is contained in:
KiekerJan 2021-08-16 12:12:20 +02:00
parent 19799fd5e6
commit b036b09eb1

View File

@ -10,7 +10,7 @@ Functionality changes and additions
This applies geoip filtering on acces to the admin panel of the box. Order of filtering: block continents that are not allowed, block countries that are not allowed, allow countries that are allowed (overriding continent filtering). Edit /etc/nginx/conf.d/10-geoblock.conf to configure. This applies geoip filtering on acces to the admin panel of the box. Order of filtering: block continents that are not allowed, block countries that are not allowed, allow countries that are allowed (overriding continent filtering). Edit /etc/nginx/conf.d/10-geoblock.conf to configure.
* Add geoipblocking for ssh access * Add geoipblocking for ssh access
This applies geoip filtering for access to the ssh server. Edit /etc/geoiplookup.conf. All countries defined in this file are allowed. Works for alternate ssh ports. This applies geoip filtering for access to the ssh server. Edit /etc/geoiplookup.conf. All countries defined in this file are allowed. Works for alternate ssh ports.
* Make fail2ban a more strict * Make fail2ban more strict
enable postfix filters, lengthen bantime and findtime enable postfix filters, lengthen bantime and findtime
* Add fail2ban jails for both above mentioned geoipblocking filters * Add fail2ban jails for both above mentioned geoipblocking filters
* Add fail2ban filters for web scanners and badbots * Add fail2ban filters for web scanners and badbots
@ -25,6 +25,8 @@ Functionality changes and additions
To be used before for example when changing IP addresses. Shortening TTL values will propagate changes faster. For reference, default TTL is 1 day, short TTL is 5 minutes. To use, edit file /etc/forceshortdnsttl and add a line for each domain for which shorter TTLs should be used. To use short TTLs for all known domains, add "forceshortdnsttl" To be used before for example when changing IP addresses. Shortening TTL values will propagate changes faster. For reference, default TTL is 1 day, short TTL is 5 minutes. To use, edit file /etc/forceshortdnsttl and add a line for each domain for which shorter TTLs should be used. To use short TTLs for all known domains, add "forceshortdnsttl"
* Use the box as a Hidden Master in the DNS system * Use the box as a Hidden Master in the DNS system
Thus only the secondary DNS servers are used as public DNS servers. When using a hidden master, no glue records are necessary at your domain hoster. To use, first setup secondary DNS servers via the Custom DNS administration page. At least two secondary servers should be set. When that functions, edit file /etc/usehiddenmasterdns and add a line for each domain for which Hidden Master should be used. To use Hidden Master for all known domains, add "usehiddenmasterdns". Thus only the secondary DNS servers are used as public DNS servers. When using a hidden master, no glue records are necessary at your domain hoster. To use, first setup secondary DNS servers via the Custom DNS administration page. At least two secondary servers should be set. When that functions, edit file /etc/usehiddenmasterdns and add a line for each domain for which Hidden Master should be used. To use Hidden Master for all known domains, add "usehiddenmasterdns".
* Daily ip blacklist check
Using check-dnsbl.py from https://github.com/gsauthof/utilit
Bug fixes Bug fixes
* Munin routes are ignored for Multi Factor Authentication [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1865) * Munin routes are ignored for Multi Factor Authentication [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1865)
@ -40,8 +42,10 @@ Maintenance (personal)
* Remove nextcloud skeleton to save disk space * Remove nextcloud skeleton to save disk space
Fun Fun
* Add option to define ADMIN_IP_ADDRESS (currently only used to ignore fail2ban jails) * Add option to define ADMIN_IP_ADDRESS
* Add dynamic dns tools in the tools directory. Currently only used to ignore fail2ban jails
* Add dynamic dns tools in the tools directory
Can be used to control DNS entries on the mail-in-a-box to point to a machine with a non-fixed (e.g. residential) ip address
Original mailinabox content starts here: Original mailinabox content starts here: