HGKeeper

Add a fail2ban jail for dovecot

2021-11-28, Gary Kramlich

721bda42384e

Parents 6bf95b9e6799
Children 2f7fd96bf201

Add a fail2ban jail for dovecot

4 files changed, 16 insertions(+), 1 deletions(-)

+6 -0

roles/mail/files/dovecot.fail2ban

+4 -0

roles/mail/handlers/main.yaml

+6 -0

roles/mail/tasks/dovecot.yaml

+0 -1

roles/mail/tasks/software.yaml

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/roles/mail/files/dovecot.fail2ban Sun Nov 28 01:17:20 2021 -0600

@@ -0,0 +1,6 @@

+[dovecot]

+enabled = true

+port = imap,imaps,sieve

+filter = dovecot

+logpath = /var/log/mail.log

+action = ufw

~~--- a/roles/mail/handlers/main.yaml Sun Nov 28 00:45:35 2021 -0600~~

+++ b/roles/mail/handlers/main.yaml Sun Nov 28 01:17:20 2021 -0600

@@ -3,3 +3,7 @@

systemd:

name: "dovecot"

state: "reloaded"

+- name: restart fail2ban

+ systemd:

+ name: fail2ban

+ state: restarted

~~--- a/roles/mail/tasks/dovecot.yaml Sun Nov 28 00:45:35 2021 -0600~~

+++ b/roles/mail/tasks/dovecot.yaml Sun Nov 28 01:17:20 2021 -0600

@@ -27,6 +27,12 @@

label: "{{ item.dest }}"

notify:

- "reload dovecot"

+- name: "install fail2ban jail"

+ copy:

+ src: dovecot.fail2ban

+ dest: /etc/fail2ban/jail.d/dovecot.conf

+ mode: 0644

+ notify: "restart fail2ban"

- name: "check for packaged 10-auth.conf"

stat:

path: "/etc/dovecot/conf.d/10-auth.conf"

~~--- a/roles/mail/tasks/software.yaml Sun Nov 28 00:45:35 2021 -0600~~

+++ /dev/null Thu Jan 01 00:00:00 1970 +0000

@@ -1,1 +0,0 @@

~~----~~

imfreedom/ansible