The current (postmodern) FHS practice is to not put boilerplate or defaults into /etc. So yes, files naturally don't exist.
(Picture the year 2008: /etc/squid/squid.conf was almost 4300 lines in size. Only 35 lines were truly relevant, but computers don't know that, so when a new version of the config file came along, it was the admin's job to merge it somehow. Not fun. // Some other reading material: factory reset)
[ENHANCEMENT] fail2ban for grommunio
gromox>=2.20.94 will have zcore report the address as well and the messages are more similar across daemons so to catch it with one fail2ban regex.
Thank you for implementing this!
Just checked the latested Debian 12 packages: 2.20.6
Is there maybe some issue with the Debian build pipeline again? I´m just asking as the version difference seems to be a bit high.
Decided to give /community a slower publishing pace.
The [postfix-sasl]
jail do not work as expected. We need to modify the jail file: /etc/fail2ban/jail.local
and replace the [postfix-sasl]
section with:
[postfix-sasl]
enabled = true
backend = systemd
maxentry = 3
bantime = 1h
filter = postfix[mode=auth]
port = smtp,465,submission,imap,imaps,pop3,pop3s
#
Restart fail2ban with systemctl restart fail2ban
, now SASL logins should be blocked.
I can confirm that the issue from @faspie still applies to a grommunio SUSE appliance which was installed in November 2023 and only updated/upgraded since then. Just remove busybox-ed
(whoever installed that) and let zypper in fail2ban
do the rest.
@WalterH 's templates in combination with @crpb 's installation script worked like a charm. Thanks to both of you for providing them