mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-23 07:27:05 +00:00
d510c8ae2a
Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
87 lines
2.1 KiB
Plaintext
87 lines
2.1 KiB
Plaintext
# Fail2Ban configuration file for Mail-in-a-Box. Do not edit.
|
|
# This file is re-generated on updates.
|
|
|
|
[DEFAULT]
|
|
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
|
|
# ping services over the public interface so we should whitelist that address of
|
|
# ours too. The string is substituted during installation.
|
|
ignoreip = 127.0.0.1/8 PUBLIC_IP
|
|
|
|
[dovecot]
|
|
enabled = true
|
|
filter = dovecotimap
|
|
logpath = /var/log/mail.log
|
|
findtime = 30
|
|
maxretry = 20
|
|
|
|
[miab-management]
|
|
enabled = true
|
|
filter = miab-management-daemon
|
|
port = http,https
|
|
logpath = /var/log/syslog
|
|
maxretry = 20
|
|
findtime = 30
|
|
|
|
[miab-munin]
|
|
enabled = true
|
|
port = http,https
|
|
filter = miab-munin
|
|
logpath = /var/log/nginx/access.log
|
|
maxretry = 20
|
|
findtime = 30
|
|
|
|
[miab-owncloud]
|
|
enabled = true
|
|
port = http,https
|
|
filter = miab-owncloud
|
|
logpath = STORAGE_ROOT/owncloud/nextcloud.log
|
|
maxretry = 20
|
|
findtime = 120
|
|
|
|
[miab-postfix465]
|
|
enabled = true
|
|
port = 465
|
|
filter = miab-postfix-submission
|
|
logpath = /var/log/mail.log
|
|
maxretry = 20
|
|
findtime = 30
|
|
|
|
[miab-postfix587]
|
|
enabled = true
|
|
port = 587
|
|
filter = miab-postfix-submission
|
|
logpath = /var/log/mail.log
|
|
maxretry = 20
|
|
findtime = 30
|
|
|
|
[miab-roundcube]
|
|
enabled = true
|
|
port = http,https
|
|
filter = miab-roundcube
|
|
logpath = /var/log/roundcubemail/errors.log
|
|
maxretry = 20
|
|
findtime = 30
|
|
|
|
[recidive]
|
|
enabled = true
|
|
maxretry = 10
|
|
action = iptables-allports[name=recidive]
|
|
# In the recidive section of jail.conf the action contains:
|
|
#
|
|
# action = iptables-allports[name=recidive]
|
|
# sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
|
|
#
|
|
# The last line on the action will sent an email to the configured address. This mail will
|
|
# notify the administrator that someone has been repeatedly triggering one of the other jails.
|
|
# By default we don't configure this address and no action is required from the admin anyway.
|
|
# So the notification is ommited. This will prevent message appearing in the mail.log that mail
|
|
# can't be delivered to fail2ban@$HOSTNAME.
|
|
|
|
[postfix-sasl]
|
|
enabled = true
|
|
|
|
[sshd]
|
|
enabled = true
|
|
maxretry = 7
|
|
bantime = 3600
|