Skip to content

Added postfix and dovecot for fail2ban#476

Open
Spitfireap wants to merge 3 commits intomodoboa:masterfrom
Spitfireap:fail2ban-improvement
Open

Added postfix and dovecot for fail2ban#476
Spitfireap wants to merge 3 commits intomodoboa:masterfrom
Spitfireap:fail2ban-improvement

Conversation

@Spitfireap
Copy link
Member

@Spitfireap Spitfireap commented Feb 9, 2023

Not tested yet.

@codecov
Copy link

codecov bot commented Feb 9, 2023
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 50.07%. Comparing base (63d92b7) to head (3113eaf).
⚠️ Report is 286 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #476   +/-   ##
=======================================
  Coverage   50.07%   50.07%           
=======================================
  Files          10       10           
  Lines         681      681           
=======================================
  Hits          341      341           
  Misses        340      340

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Spitfireap Spitfireap marked this pull request as ready for review February 10, 2023 14:24
@Spitfireap Spitfireap requested a review from tonioo February 10, 2023 14:24
@xinomilo
Copy link

xinomilo commented Mar 21, 2024
edited
Loading

port 587 , can also be written as "submission". so you could use :
"default": "http,https,pop3,pop3s,imap,imaps,submission"
( just for the looks of it, doesn't make any difference :) )

also filter names in jail.d/[doveot|postfix].conf should be "dovecot-modoboa" and "postfix-modoboa"

edit] actually, filters dovecot-modoboa.conf and postfix-modoboa.conf are identical with fail2ban defaults dovecot.conf and postifx.conf, so maybe those are not needed at all.. just use fail2ban defaults (?)
(compared to filters shipped with fail2ban 0.11.2-2 in Debian 11.9)

@almereyda
Copy link
Contributor

almereyda commented Jul 19, 2024

The [postfix], [modoboa] and [dovecot] sections all specify the same ports = %ports_blocked setting.

It may be good to split ports_blocked into dedicated constants for postfix_ports_blocked (smtps,submission), modoboa_ports_blocked (http,https) and dovecot_ports_blocked (pop3,pop3s,imap,imaps). This could help not setting ports on applications which don't effectively use them.

Since RFC 8314 the SMTPS port 465 with implicit TLS is the default MTA entrypoint. This means smtps would have to be added to postfix_ports_blocked.

Further I agree to use the default, packaged configuration files and remove them here, if they are not to be altered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonioo tonioo Awaiting requested review from tonioo

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Spitfireap @xinomilo @almereyda