fail2ban added and configured for extra security

This commit is contained in:
Luke Smith 2023-01-31 14:11:14 -05:00
parent 250ffa2ea2
commit 78ba13f03b
2 changed files with 14 additions and 2 deletions

View File

@ -25,6 +25,8 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
- **Spamassassin** to prevent spam and allow you to make custom filters.
- **OpenDKIM** to validate you so you can send to Gmail and other big sites.
- The required SSL certificates if not already present.
- **fail2ban** to increase server security, with enabled modules for the above
programs.
## This script does _not_

View File

@ -29,7 +29,7 @@
umask 0022
apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools
apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools fail2ban
# Check if OpenDKIM is installed and install it if not.
which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
domain="$(cat /etc/mailname)"
@ -311,7 +311,17 @@ postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynet
/lib/opendkim/opendkim.service.generate
systemctl daemon-reload
for x in spamassassin opendkim dovecot postfix; do
# Enable fail2ban security for dovecot and postfix.
[ ! -f /etc/fail2ban/jail.d/emailwiz.local ] && echo "[postfix]
enabled = true
[postfix-sasl]
enabled = true
[sieve]
enabled = true
[dovecot]
enabled = true" > /etc/fail2ban/jail.d/emailwiz.local
for x in spamassassin opendkim dovecot postfix fail2ban; do
printf "Restarting %s..." "$x"
service "$x" restart && printf " ...done\\n"
systemctl enable "$x"