Merge remote-tracking branch 'upstream/master' into credential-cache-simple

master
Florent Daigniere 4 years ago
commit feff121a9b

@ -528,25 +528,42 @@ The above will block flagged IPs for a week, you can of course change it to you
actionstart = iptables -N f2b-bad-auth actionstart = iptables -N f2b-bad-auth
iptables -A f2b-bad-auth -j RETURN iptables -A f2b-bad-auth -j RETURN
iptables -I FORWARD -p tcp -m multiport --dports 1:1024 -j f2b-bad-auth iptables -I DOCKER-USER -p tcp -m multiport --dports 1:1024 -j f2b-bad-auth
actionstop = iptables -D FORWARD -p tcp -m multiport --dports 1:1024 -j f2b-bad-auth actionstop = iptables -D DOCKER-USER -p tcp -m multiport --dports 1:1024 -j f2b-bad-auth
iptables -F f2b-bad-auth iptables -F f2b-bad-auth
iptables -X f2b-bad-auth iptables -X f2b-bad-auth
actioncheck = iptables -n -L FORWARD | grep -q 'f2b-bad-auth[ \t]' actioncheck = iptables -n -L DOCKER-USER | grep -q 'f2b-bad-auth[ \t]'
actionban = iptables -I f2b-bad-auth 1 -s <ip> -j DROP actionban = iptables -I f2b-bad-auth 1 -s <ip> -j DROP
actionunban = iptables -D f2b-bad-auth -s <ip> -j DROP actionunban = iptables -D f2b-bad-auth -s <ip> -j DROP
5. Restart Fail2Ban Using DOCKER-USER chain ensures that the blocked IPs are processed in the correct order with Docker. See more in: https://docs.docker.com/network/iptables/
5. Configure and restart the Fail2Ban service
Make sure Fail2Ban is started after the Docker service by adding a partial override which appends this to the existing configuration.
.. code-block:: bash
sudo systemctl edit fail2ban
Add the override and save the file.
.. code-block:: bash
[Unit]
After=docker.service
Restart the Fail2Ban service.
.. code-block:: bash .. code-block:: bash
sudo systemctl restart fail2ban sudo systemctl restart fail2ban
*Issue reference:* `85`_, `116`_, `171`_, `584`_, `592`_. *Issue reference:* `85`_, `116`_, `171`_, `584`_, `592`_, `1727`_.
Users can't change their password from webmail Users can't change their password from webmail
`````````````````````````````````````````````` ``````````````````````````````````````````````
@ -670,7 +687,7 @@ iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 25 -j SNAT --to <your mx i
.. _`1090`: https://github.com/Mailu/Mailu/issues/1090 .. _`1090`: https://github.com/Mailu/Mailu/issues/1090
.. _`unbound`: https://nlnetlabs.nl/projects/unbound/about/ .. _`unbound`: https://nlnetlabs.nl/projects/unbound/about/
.. _`1438`: https://github.com/Mailu/Mailu/issues/1438 .. _`1438`: https://github.com/Mailu/Mailu/issues/1438
.. _`1727`: https://github.com/Mailu/Mailu/issues/1727
A user gets ``Sender address rejected: Access denied. Please check the`` ``message recipient […] and try again`` even though the sender is legitimate? A user gets ``Sender address rejected: Access denied. Please check the`` ``message recipient […] and try again`` even though the sender is legitimate?
`````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````` ``````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````

@ -2,7 +2,7 @@ server:
verbosity: 1 verbosity: 1
interface: 0.0.0.0 interface: 0.0.0.0
interface: ::0 interface: ::0
logfile: /dev/stdout logfile: ""
do-ip4: yes do-ip4: yes
do-ip6: yes do-ip6: yes
do-udp: yes do-udp: yes

@ -26,7 +26,7 @@ services:
{% if bind4 %} {% if bind4 %}
- "{{ bind4 }}:{{ port }}:{{ port }}" - "{{ bind4 }}:{{ port }}:{{ port }}"
{% endif %} {% endif %}
{% if bind6 %} {% if ipv6_enabled and bind6 %}
- "{{ bind6 }}:{{ port }}:{{ port }}" - "{{ bind6 }}:{{ port }}:{{ port }}"
{% endif %} {% endif %}
{% endfor %} {% endfor %}

Loading…
Cancel
Save