YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1552 from Ddataa/patch-1

Browse source 
Add postfix SASL login failure to a fail2ban jail
This commit is contained in:
Alexandre Aubin 2022-12-20 23:20:58 +01:00 committed by GitHub
commit 59405ef4c6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
conf/fail2ban/postfix-sasl.conf Normal file
View file

@ -0,0 +1,6 @@
# Fail2Ban filter for postfix authentication failures
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix/smtpd
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$

7
conf/fail2ban/yunohost-jails.conf
View file

@ -8,6 +8,13 @@ enabled = true
[postfix] [postfix]
enabled = true enabled = true
[sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 5
[dovecot] [dovecot]
enabled = true enabled = true

1
hooks/conf_regen/52-fail2ban
View file

@ -14,6 +14,7 @@ do_pre_regen() {
mkdir -p "${fail2ban_dir}/jail.d" mkdir -p "${fail2ban_dir}/jail.d"
cp yunohost.conf "${fail2ban_dir}/filter.d/yunohost.conf" cp yunohost.conf "${fail2ban_dir}/filter.d/yunohost.conf"
cp postfix-sasl.conf "${fail2ban_dir}/filter.d/postfix-sasl.conf"
cp jail.conf "${fail2ban_dir}/jail.conf" cp jail.conf "${fail2ban_dir}/jail.conf"
export ssh_port="$(yunohost settings get 'security.ssh.ssh_port')" export ssh_port="$(yunohost settings get 'security.ssh.ssh_port')"