The current (postmodern) FHS practice is to not put boilerplate or defaults into /etc. So yes, files naturally don't exist.
(Picture the year 2008: /etc/squid/squid.conf was almost 4300 lines in size. Only 35 lines were truly relevant, but computers don't know that, so when a new version of the config file came along, it was the admin's job to merge it somehow. Not fun. // Some other reading material: factory reset)

10 days later

gromox>=2.20.94 will have zcore report the address as well and the messages are more similar across daemons so to catch it with one fail2ban regex.

    Thank you for implementing this!
    Just checked the latested Debian 12 packages: 2.20.6
    Is there maybe some issue with the Debian build pipeline again? I´m just asking as the version difference seems to be a bit high.

    Decided to give /community a slower publishing pace.

    5 days later

    The [postfix-sasl] jail do not work as expected. We need to modify the jail file: /etc/fail2ban/jail.local and replace the [postfix-sasl] section with:

    [postfix-sasl]
    enabled = true
    backend = systemd
    maxentry = 3
    bantime = 1h
    filter  = postfix[mode=auth]
    port    = smtp,465,submission,imap,imaps,pop3,pop3s
    #

    Restart fail2ban with systemctl restart fail2ban, now SASL logins should be blocked.

    2 months later

    I can confirm that the issue from @faspie still applies to a grommunio SUSE appliance which was installed in November 2023 and only updated/upgraded since then. Just remove busybox-ed (whoever installed that) and let zypper in fail2ban do the rest.

    @WalterH 's templates in combination with @crpb 's installation script worked like a charm. Thanks to both of you for providing them 🎉

    © 2020-2024 grommunio GmbH. All rights reserved. | https://grommunio.com | Data Protection | Legal notice