amirho/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2026-02-25 20:25:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Page: Configure Fail2ban
Pages
Configure AWS SES Configure Accounts Configure Aliases Configure DKIM Configure DMARC Configure Fail2ban Configure LDAP Configure POP3 Configure Relay Hosts Configure SPF Configure SSL Configure Sieve filters Configure autodiscover Debugging FAQ and Tips Forward Only mailserver with LDAP authentication Full text search Home IPv6 Installation Examples Introduction List of optional config files & directories Override Default Dovecot Configuration Override Default Postfix Configuration Retrieve emails from a remote mail server (using builtin fetchmail) Understanding the ports Update and cleanup Using in Kubernetes setup.sh
Clone
5
Configure Fail2ban
17Halbe edited this page 2018-02-08 08:28:41 +01:00

Fail2ban is installed automatically and bans IP addresses for 3 hours after 3 failed attempts in 10 minutes by default. If you want to change this, you can easily edit config/fail2ban-jail.cf. You can do the same with the values from fail2ban.conf, e.g dbpurgeage. In that case you need to edit config/fail2ban-fail2ban.cf

Important: The mail container must be launched with the NET_ADMIN capability in order to be able to install the iptable rules that actually ban IP addresses. Thus either include --cap-add=NET_ADMIN in the docker run commandline or the equivalent docker-compose.yml:

   cap_add:
     - NET_ADMIN

If you don't you will see errors of the form

iptables -w -X f2b-postfix -- stderr: "getsockopt failed strangely: Operation not permitted\niptables v1.4.21: can't initialize iptabl
es table `filter': Permission denied (you must be root)\nPerhaps iptables or your kernel needs to be upgraded.\niptables v1.4.21: can'
t initialize iptables table `filter': Permission denied (you must be root)\nPerhaps iptables or your kernel needs to be upgraded.\n"
2016-06-01 00:53:51,284 fail2ban.action         [678]: ERROR   iptables -w -D INPUT -p tcp -m multiport --dports smtp,465,submission -
j f2b-postfix

You can also manage and list the banned IPs with the setup.sh script.

© Docker Mailserver Organization

This project is licensed under the MIT license.