docker
/
docker-mailserver
mirror of https://github.com/tomav/docker-mailserver.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Improve fail2ban docs and fix a typo (#2126) 

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
This commit is contained in:
William Desportes 2021-08-13 10:30:39 +02:00 committed by GitHub
parent 21f4668e83
commit 3a38b23a1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
docs/content/config/security/fail2ban.md
View File

@ -4,10 +4,30 @@ hide:
- toc # Hide Table of Contents for this page
---
Fail2Ban is installed automatically and bans IP addresses for 3 hours after 3 failed attempts in 10 minutes by default. If you want to change this, you can easily edit [`config/fail2ban-jail.cf`][github-file-f2bjail].
Fail2Ban is installed automatically and bans IP addresses for 3 hours after 3 failed attempts in 10 minutes by default.
## Configuration files
If you want to change this, you can easily edit [`config/fail2ban-jail.cf`][github-file-f2bjail].
You can do the same with the values from `fail2ban.conf`, e.g `dbpurgeage`. In that case you need to edit [`config/fail2ban-fail2ban.cf`][github-file-f2bconfig].
The configuration files need to be located at the root of the `/tmp/docker-mailserver/` volume bind.
This following configuration files from `/tmp/docker-mailserver/` will be copied at boot time.
- `fail2ban-jail.cf` -> `/etc/fail2ban/jail.d/user-jail.local`
- `fail2ban-fail2ban.cf` -> `/etc/fail2ban/fail2ban.local`
### Docker-compose config
Example configuration volume bind:
```yaml
volumes:
- ./config/:/tmp/docker-mailserver/
```
!!! attention
The mail container must be launched with the `NET_ADMIN` capability in order to be able to install the iptable rules that actually ban IP addresses.
@ -28,8 +48,24 @@ t initialize iptables table `filter': Permission denied (you must be root)\nPerh
j f2b-postfix
```
## Manage bans
You can also manage and list the banned IPs with the [`setup.sh`][docs-setupsh] script.
### List bans
```sh
./setup.sh debug fail2ban
```
### Un-ban
Here `192.168.1.15` is our banned IP.
```sh
./setup.sh debug fail2ban unban 192.168.1.15
```
[docs-setupsh]: ../setup.sh.md
[github-file-f2bjail]: https://github.com/docker-mailserver/docker-mailserver/blob/master/config/fail2ban-jail.cf
[github-file-f2bconfig]: https://github.com/docker-mailserver/docker-mailserver/blob/master/config/fail2ban-fail2ban.cf

2
target/amavis/conf.d/62-improve_privacy_remove_headers
View File

@ -3,7 +3,7 @@ use strict;
# disable the "Received" headers to be added to the mail header
$allowed_added_header_fields{lc('Received')} = 0;
# Hide with whay virus scanner we scan
# Hide with what virus scanner we scan
$X_HEADER_LINE = "Yes";
#------------ Do not modify anything below this line -------------