mailinabox/conf/fail2ban/jails.conf

101 lines
2.4 KiB
Plaintext

# Fail2Ban configuration file for Mail-in-a-Box. Do not edit.
# This file is re-generated on updates.
[DEFAULT]
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
# ping services over the public interface so we should whitelist that address of
# ours too. The string is substituted during installation.
ignoreip = 127.0.0.1/8 ::1/128 PUBLIC_IP PUBLIC_IPV6/64 ADMIN_HOME_IP ADMIN_HOME_IPV6
bantime = 15m
findtime = 120m
maxretry = 4
[dovecot]
enabled = true
filter = dovecotimap
logpath = /var/log/mail.log
findtime = 2m
maxretry = 20
[miab-management]
enabled = true
filter = miab-management-daemon
port = http,https
logpath = /var/log/syslog
maxretry = 20
findtime = 15m
[miab-munin]
enabled = true
port = http,https
filter = miab-munin
logpath = /var/log/nginx/access.log
maxretry = 20
findtime = 15m
[miab-owncloud]
enabled = true
port = http,https
filter = miab-owncloud
logpath = /var/log/nextcloud.log
maxretry = 20
findtime = 15m
[miab-postfix465]
enabled = true
port = 465
filter = miab-postfix-submission
logpath = /var/log/mail.log
maxretry = 20
findtime = 30
[miab-postfix587]
enabled = true
port = 587
filter = miab-postfix-submission
logpath = /var/log/mail.log
maxretry = 20
findtime = 2m
[miab-roundcube]
enabled = true
port = http,https
filter = miab-roundcube
logpath = /var/log/roundcubemail/errors.log
maxretry = 20
findtime = 15m
[recidive]
enabled = true
maxretry = 10
bantime = 2w
findtime = 7d
action = iptables-allports[name=recidive]
# In the recidive section of jail.conf the action contains:
#
# action = iptables-allports[name=recidive]
# sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
#
# The last line on the action will sent an email to the configured address. This mail will
# notify the administrator that someone has been repeatedly triggering one of the other jails.
# By default we don't configure this address and no action is required from the admin anyway.
# So the notification is ommited. This will prevent message appearing in the mail.log that mail
# can't be delivered to fail2ban@$HOSTNAME.
[postfix-sasl]
enabled = true
findtime = 7d
[postfix]
enabled = true
# postfix rbl also found by postfix jail, but postfix-rbl is more aggressive (maxretry = 1)
[postfix-rbl]
enabled = true
[sshd]
enabled = true
maxretry = 4
bantime = 3600
mode = aggressive