New index, Fail2ban setup
This commit is contained in:
andryyy
@@ -158,6 +158,84 @@ docker-compose exec postfix-mailcow chmod 660 /opt/postfix/conf/smarthost_passwd
|
||||
docker-compose exec postfix-mailcow postfix reload
|
||||
```
|
||||
|
||||
## Optional: Log to Syslog
|
||||
|
||||
Enable Rsyslog to receive logs on 524/tcp:
|
||||
|
||||
```
|
||||
# This setting depends on your Rsyslog version and configuration format.
|
||||
# For most Debian derivates it will work like this...
|
||||
$ModLoad imtcp
|
||||
$TCPServerAddress 127.0.0.1
|
||||
$InputTCPServerRun 524
|
||||
|
||||
# ...while for Ubuntu 16.04 it looks like this:
|
||||
module(load="imtcp")
|
||||
input(type="imtcp" address="127.0.0.1" port="524")
|
||||
|
||||
# No matter your Rsyslog version, you should set this option to off
|
||||
# if you plan to use Fail2ban
|
||||
$RepeatedMsgReduction off
|
||||
```
|
||||
|
||||
Restart rsyslog after enabling the TCP listener.
|
||||
|
||||
Now setup Docker daemon to start with the syslog driver.
|
||||
This enables the syslog driver for all containers!
|
||||
|
||||
Debian users can change the startup configuration in `/etc/default/docker` while CentOS users find it in `/etc/sysconfig/docker`:
|
||||
```
|
||||
...
|
||||
DOCKER_OPTS="--log-driver=syslog --log-opt syslog-address=tcp://127.0.0.1:524"
|
||||
...
|
||||
```
|
||||
|
||||
**Caution:** For some reason Ubuntu 16.04 and some, but not all, systemd based distros do not read the defaults file parameters.
|
||||
|
||||
Just run `systemctl edit docker.service` and add the following content to fix it.
|
||||
|
||||
**Note:** If "systemctl edit" is not available, just copy the content to `/etc/systemd/system/docker.service.d/override.conf`.
|
||||
|
||||
The first empty ExecStart parameter is not a mistake.
|
||||
|
||||
```
|
||||
[Service]
|
||||
EnvironmentFile=/etc/default/docker
|
||||
ExecStart=
|
||||
ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS
|
||||
```
|
||||
|
||||
Restart the Docker daemon and run `docker-compose down && docker-compose up -d` to recreate the containers.
|
||||
|
||||
### Use Fail2ban
|
||||
|
||||
**This is a subsection of "Log to Syslog", which is required for Fail2ban to work.**
|
||||
|
||||
Open `/etc/fail2ban/filter.d/common.conf` and search for the prefix_line parameter, change it to ".*":
|
||||
|
||||
```
|
||||
__prefix_line = .*
|
||||
```
|
||||
|
||||
Create `/etc/fail2ban/jail.d/dovecot.conf`...
|
||||
```
|
||||
[dovecot]
|
||||
enabled = true
|
||||
filter = dovecot
|
||||
logpath = /var/log/syslog
|
||||
chain = FORWARD
|
||||
```
|
||||
|
||||
and `jail.d/postfix-sasl.conf`:
|
||||
```
|
||||
[postfix-sasl]
|
||||
enabled = true
|
||||
filter = postfix-sasl
|
||||
logpath = /var/log/syslog
|
||||
chain = FORWARD
|
||||
```
|
||||
|
||||
Restart Fail2ban.
|
||||
|
||||
## Install a local MTA
|
||||
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
# mailcow: dockerized - 🐮 + 🐋 = 💕
|
||||
|
||||
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=JWBSYHF4SMC68)
|
||||
[](https://www.servercow.de)
|
||||
|
||||
If you want to support mailcow, consider hosting mailcow on a Servercow virtual machine @ Servercow!
|
||||
|
||||
## Screenshots
|
||||
|
||||
@@ -30,6 +32,7 @@ mailcow dockerized comes with **11 containers** linked in **one bridged network*
|
||||
- mysql-vol-1
|
||||
- rspamd-vol-1
|
||||
- postfix-vol-1
|
||||
- crypt-vol-1
|
||||
|
||||
The integrated **mailcow UI** allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user