updated mail container to use fail2ban again, added notes, reduced logs, also using correct/newer image location

2021-08-08 15:04:02 +10:00
parent 943d9e09b2
commit eb6caaa68b
1 changed files with 22 additions and 4 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -109,8 +109,21 @@ services:
 #    devices:
 #      - /dev/dri:/dev/dri

+
+  #
+  # fail2ban is a bit jumpy from memory, so I've added a whitelist
+  # but its not going to survive a pull... and it seems if I mount 
+  # the docker container before its initialised it ends up empty 
+  # (timing?) so I have done this by hand
+  # for now, until I work out a solution:
+  ## sudo docker exec -it mail bash
+  ## root@mail:/etc/fail2ban/jail.d# cat > whitelist.conf
+  ## [DEFAULT]
+  ## ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+  # sudo docker-compose restart mail
+  #
  mail:
-    image: tvial/docker-mailserver:latest
+    image: docker.io/mailserver/docker-mailserver:latest
    hostname: mail
    domainname: depaoli.id.au
    container_name: mail
@@ -126,15 +139,20 @@ services:
      - /srv/docker/container/mail/log:/var/log/mail
      - /srv/docker/container/mail/config/:/tmp/docker-mailserver/
      - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
+#      - /srv/docker/container/mail/fail2ban/etc:/etc/fail2ban
      - /etc/localtime:/etc/localtime:ro
    environment:
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=1
-      - ENABLE_FAIL2BAN=0
+      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=0
      - SPOOF_PROTECTION=1
      - ONE_DIR=1
      - DMS_DEBUG=0
+      - AMAVIS_LOGLEVEL=-1
+      # in theory these next 2 being empty disables them, but that does not seem to work
+      - ENABLE_POP3
+      - ENABLE_MANAGESIEVE
      - ENABLE_LDAP=1
      - LDAP_SERVER_HOST=openldap # your ldap container/IP/ServerName
      - LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
@@ -167,12 +185,12 @@ services:
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    environment:
-      LDAP_LOG_LEVEL: "256"
+      LDAP_LOG_LEVEL: "32768"
      LDAP_ORGANISATION: "Depaoli home ldap"
      LDAP_DOMAIN: "depaoli.id.au"
      LDAP_BASE_DN: ""
      LDAP_ADMIN_PASSWORD: "a_real_admin_pass_word_for_2o20"
-      LDAP_CONFIG_PASSWORD: "config"
+      LDAP_CONFIG_PASSWORD: "in_2021_yet_another_real_pwd_for_adm"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"