Fail2ban config start: The Chicken first

Author: latham

install/lib/installer_base.lib.php

@@ -133,6 +133,7 @@ public function find_installed_apps() {
 		if(is_installed('squid')) $conf['squid']['installed'] = true;
 		if(is_installed('nginx')) $conf['nginx']['installed'] = true;
 		if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
+		if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
 		if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;
 
 		if ($conf['services']['web'] && $conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) $this->ispconfig_interface_installed = true;
@@ -1898,4 +1899,4 @@ protected function insert_db_credentials($tContents) {
 	}
 }
 
-?>
+?>

install/tpl/dovecot-pop3imap.conf.master

@@ -0,0 +1,3 @@
+[Definition]
+failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+ignoreregex =

install/tpl/dovecot_fail2ban_jail.local.master

@@ -0,0 +1,10 @@
+[dovecot-pop3imap]
+enabled = true
+filter = dovecot-pop3imap
+action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
+# optionaly mail notification # mail[name=dovecot-pop3imap, dest=root@domain] # see /etc/fail2ban/action.d/ or Fail2Ban doc
+logpath = /var/log/maillog
+maxretry = 20
+findtime = 1200
+bantime = 1200
+