From 78ba13f03be0da09370d49e476c34640aca928cd Mon Sep 17 00:00:00 2001
From: Luke Smith
Date: Tue, 31 Jan 2023 14:11:14 -0500
Subject: [PATCH] fail2ban added and configured for extra security

---
 README.md | 2 ++
 emailwiz.sh | 14 ++++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 9f14814..f08a3ae 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,8 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
 - **Spamassassin** to prevent spam and allow you to make custom filters.
 - **OpenDKIM** to validate you so you can send to Gmail and other big sites.
 - The required SSL certificates if not already present.
+- **fail2ban** to increase server security, with enabled modules for the above
+ programs.
 
 ## This script does _not_
 
diff --git a/emailwiz.sh b/emailwiz.sh
index 7d95579..9e6c04a 100644
--- a/emailwiz.sh
+++ b/emailwiz.sh
@@ -29,7 +29,7 @@
 
 umask 0022
 
-apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools
+apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools fail2ban
 # Check if OpenDKIM is installed and install it if not.
 which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
 domain="$(cat /etc/mailname)"
@@ -311,7 +311,17 @@ postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynet
 /lib/opendkim/opendkim.service.generate
 systemctl daemon-reload
 
-for x in spamassassin opendkim dovecot postfix; do
+# Enable fail2ban security for dovecot and postfix.
+[ ! -f /etc/fail2ban/jail.d/emailwiz.local ] && echo "[postfix]
+enabled = true
+[postfix-sasl]
+enabled = true
+[sieve]
+enabled = true
+[dovecot]
+enabled = true" > /etc/fail2ban/jail.d/emailwiz.local
+
+for x in spamassassin opendkim dovecot postfix fail2ban; do
 printf "Restarting %s..." "$x"
 service "$x" restart && printf " ...done\\n"
 systemctl enable "$x"
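Review bot: A failed fail2ban start goes unnoticed in the restart loop at the end of the emailwiz.sh hunk, because the only success signal is the ` ...done` text printed after `service "$x" restart`. If fail2ban rejects the new `emailwiz.local` (for example, presumably, when a jail's log file is absent on a journald-only install; this cannot be confirmed from the hunk), the script still finishes normally with no jails active. After the loop, confirm that the jails actually loaded, e.g. `fail2ban-client status postfix-sasl >/dev/null 2>&1 || echo "fail2ban: postfix-sasl jail is not active" >&2`. The drop-in also sets only `enabled = true`, so ban time and retry limits come from the packaged defaults; a comment above the `echo` saying so would tell operators where to tune them. The `for` loop's closing `done` lies outside the hunk.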