diff --git a/config/fail2ban-jail.cf b/config/fail2ban-jail.cf
new file mode 100644
index 00000000..7b426c4a
--- /dev/null
+++ b/config/fail2ban-jail.cf
@@ -0,0 +1,11 @@
+[DEFAULT]
+
+# "bantime" is the number of seconds that a host is banned.
+#bantime  = 10800
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+#findtime  = 600
+
+# "maxretry" is the number of failures before a host get banned.
+#maxretry = 3
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index a7a85033..37859b28 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -263,8 +263,13 @@ SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag
 SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults
 test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
 
-# Disable logrotate config for fail2ban if not enabled
-test -z "$ENABLE_FAIL2BAN" && rm -f /etc/logrotate.d/fail2ban
+if [ "$ENABLE_FAIL2BAN" = 1 ]; then
+  test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local
+else
+  # Disable logrotate config for fail2ban if not enabled
+  rm -f /etc/logrotate.d/fail2ban
+fi
+
 # Fix cron.daily for spamassassin
 sed -i -e 's/invoke-rc.d spamassassin reload/\/etc\/init\.d\/spamassassin reload/g' /etc/cron.daily/spamassassin