container-server/services/mail/config/fail2ban-jail.cf

40 lines
1.1 KiB
CFEngine3

[DEFAULT]
# "bantime" is the number of seconds that a host is banned.
bantime = 3d
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 15m
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
# default ban action
# nftables-multiport: block IP only on affected port
# nftables-allports: block IP on all ports
banaction = nftables-allports
[dovecot]
enabled = true
[postfix]
enabled = true
# For a reference on why this mode was chose, see
# https://github.com/docker-mailserver/docker-mailserver/issues/3256#issuecomment-1511188760
mode = extra
[postfix-sasl]
enabled = true
# This jail is used for manual bans.
# To ban an IP address use: setup.sh fail2ban ban <IP>
[custom]
enabled = true
bantime = 30d
port = smtp,pop3,pop3s,imap,imaps,submission,submissions,sieve