about summary refs log tree commit diff
diff options
context:
space:
mode:
authorNgô Ngọc Đức Huy <huyngo@disroot.org>2024-03-25 14:52:01 +0700
committerNgô Ngọc Đức Huy <huyngo@disroot.org>2024-03-25 14:52:01 +0700
commitc068201813845d32d55169aa495c2aace27e9502 (patch)
tree79f19bb6230c9bf2e8bd1b8fe79f567b3a9da0db
parentaf6b4731e458b40821a18438223edc8a05014779 (diff)
downloadnixos-conf-c068201813845d32d55169aa495c2aace27e9502.tar.gz
Update filter for maddy
-rw-r--r--fail2ban-filters/maddy.conf9
-rw-r--r--fail2ban.nix8
-rw-r--r--mail.nix2
3 files changed, 17 insertions, 2 deletions
diff --git a/fail2ban-filters/maddy.conf b/fail2ban-filters/maddy.conf
new file mode 100644
index 0000000..b354315
--- /dev/null
+++ b/fail2ban-filters/maddy.conf
@@ -0,0 +1,9 @@
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = maddy
+
+failregex = authentication failed\s{"reason":"auth: invalid credentials","src_ip":"<HOST>
diff --git a/fail2ban.nix b/fail2ban.nix
index 018d4d8..06dd4ec 100644
--- a/fail2ban.nix
+++ b/fail2ban.nix
@@ -18,6 +18,11 @@
 
 { pkgs, ... }:
 {
+  environment.etc = {
+    "fail2ban/filter.d/maddy.conf" = {
+      source = ./fail2ban-filters/maddy.conf
+    }
+  }
   services.fail2ban = {
     enable = true;
     bantime = "30m";
@@ -28,7 +33,8 @@
     jails = {
       maddy = {
         settings = {
-          logpath = "/var/log/maddy.log";
+          filter = "maddy";
+          # logpath = "/var/log/maddy.log";
         };
       };
     };
diff --git a/mail.nix b/mail.nix
index edb5da0..2856d1a 100644
--- a/mail.nix
+++ b/mail.nix
@@ -44,7 +44,7 @@ in {
           use_helper no
         }
 
-        log syslog /var/log/maddy/maddy.log
+        log syslog
 
         storage.imapsql local_mailboxes {
           driver sqlite3