# Fail2Ban configuration file for Mail-in-a-Box. Do not edit. # This file is re-generated on updates. [DEFAULT] # Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks # ping services over the public interface so we should whitelist that address of # ours too. The string is substituted during installation. ignoreip = 127.0.0.1/8 ::1/128 PUBLIC_IP PUBLIC_IPV6/64 ADMIN_HOME_IP ADMIN_HOME_IPV6 bantime = 15m findtime = 120m maxretry = 4 [dovecot] enabled = true filter = dovecotimap logpath = /var/log/mail.log findtime = 2m maxretry = 20 [miab-management] enabled = true filter = miab-management-daemon port = http,https logpath = /var/log/syslog maxretry = 20 findtime = 15m [miab-munin] enabled = true port = http,https filter = miab-munin logpath = /var/log/nginx/access.log maxretry = 20 findtime = 15m [miab-owncloud] enabled = true port = http,https filter = miab-owncloud logpath = /var/log/nextcloud.log maxretry = 20 findtime = 15m [miab-postfix465] enabled = true port = 465 filter = miab-postfix-submission logpath = /var/log/mail.log maxretry = 20 findtime = 30 [miab-postfix587] enabled = true port = 587 filter = miab-postfix-submission logpath = /var/log/mail.log maxretry = 20 findtime = 2m [miab-roundcube] enabled = true port = http,https filter = miab-roundcube logpath = /var/log/roundcubemail/errors.log maxretry = 20 findtime = 15m [recidive] enabled = true maxretry = 10 bantime = 2w findtime = 7d action = iptables-allports[name=recidive] # In the recidive section of jail.conf the action contains: # # action = iptables-allports[name=recidive] # sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log] # # The last line on the action will sent an email to the configured address. This mail will # notify the administrator that someone has been repeatedly triggering one of the other jails. # By default we don't configure this address and no action is required from the admin anyway. # So the notification is ommited. This will prevent message appearing in the mail.log that mail # can't be delivered to fail2ban@$HOSTNAME. [postfix-sasl] enabled = true findtime = 7d [postfix] enabled = true # postfix rbl also found by postfix jail, but postfix-rbl is more aggressive (maxretry = 1) [postfix-rbl] enabled = true [sshd] enabled = true maxretry = 4 bantime = 3600 mode = aggressive