# fail2ban jail overrides (presumably jail.local; the comments below refer to it).
# Read by fail2ban through configparser-style interpolation: %(name)s is
# expanded, so a literal percent sign would have to be written %%.
# findtime and bantime are in seconds. maxretry is the number of matching log
# lines within findtime that triggers a ban.
# Names used but not defined in this file (action_, destemail, protocol, chain)
# must come from jail.conf or another included file. TODO confirm.
# ignoreip is not set here, so the inherited value applies. Confirm that
# management addresses are covered before relying on the long ban times below.

[DEFAULT]

#
# ACTIONS
#

# Default banning action (for example iptables, iptables-new,
# iptables-multiport, shorewall). It is used to build the action_* variables
# and can be overridden globally or per jail.
# assumes action.d/iptables-multiport-log.conf is installed. TODO confirm
banaction = iptables-multiport-log
mta = sendmail

# Ban, then send a ban/unban mail. One action per line: the second action sits
# on an indented continuation line.
# Requires sendmail-only-ban to be configured, see
# action.d/sendmail-only-ban.local.
# NOTE(review): with mta = sendmail the second action expands to
# "sendmail-only-ban_unban", which differs from the file name given above.
# Verify that the action file name matches.
action_m = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    %(mta)s-only-ban_unban[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

# Default action for every jail. The mail variant is kept below, disabled;
# the active choice is the ban-only action_.
#action = %(action_m)s
action = %(action_)s

#
# JAILS
#
# NOTE(review): several logpath values use /vservers/*/... The glob is
# presumably expanded when the jail is loaded, so guests added later would need
# a reload. Those files are written inside the guests, so ban decisions trust
# guest-controlled log content.

[ssh]
# Host sshd: 3 failures in 10 minutes, banned for 24 hours.
enabled = true
filter = sshd
port = ssh
logpath = /var/log/auth.log
findtime = 600
maxretry = 3
bantime = 86400

[ssh-vservers]
# Same thresholds as [ssh], fed by the auth logs of all guests.
enabled = true
filter = sshd
port = ssh
logpath = /vservers/*/var/log/auth.log
findtime = 600
maxretry = 3
bantime = 86400

[sasl]
# Host SASL failures: 3 in 10 minutes, banned for 12 hours.
# NOTE(review): maxretry = 3 equals the three failed requests described in the
# MAC note that follows this section. Confirm that such clients never
# authenticate against the host's own mail service.
enabled = true
filter = sasl
port = smtp,ssmtp,submission
logpath = /var/log/mail.warn
findtime = 600
maxretry = 3
bantime = 43200

## - MAC is sending 3 failed SASL requests before
## - authentication succeeded
## -
## - If running a mailserver, consider that fact!
## -
[sasl-vservers]
# Guest SASL failures: 19 in 30 seconds, banned for 3 hours.
# The short window only catches bursts. Guessing slower than that stays below
# the threshold, so pair this jail with rate limits or lockout in the mail
# service itself.
enabled = true
filter = sasl
port = smtp,ssmtp,submission
logpath = /vservers/*/var/log/mail.warn
findtime = 30
maxretry = 19
bantime = 10800

[postfix]
# A single match in the a.mx mail log bans for 12 hours.
# NOTE(review): with maxretry = 1 any false positive of the postfix filter
# blocks a sender at once. Review which rejects the filter matches.
enabled = true
filter = postfix
port = smtp,ssmtp
logpath = /vservers/a.mx/var/log/mail.log
findtime = 60
maxretry = 1
bantime = 43200

[postfix-auth-dos]
# 60 matches per minute, banned for 3 hours.
# The postfix-auth-dos filter is not shown here; assumed to be a local
# filter.d file.
enabled = true
filter = postfix-auth-dos
port = smtp,ssmtp,submission
logpath = /vservers/a.mx/var/log/mail.log
findtime = 60
maxretry = 60
bantime = 10800

[apache-badbots]
# Ban hosts whose user agent identifies spammer robots crawling the web for
# email addresses. First match bans for 48 hours.
# NOTE(review): the original remark "The mail outputs are buffered" refers to
# a mail action. This jail inherits the ban-only default action, so confirm
# whether it still applies.
enabled = true
filter = apache-badbots
port = http,https
logpath = /vservers/www/var/log/apache2/ipv4_requests.log
findtime = 10
maxretry = 1
bantime = 172800

[http-dos]
# 600 matching requests per minute, banned for 12 hours.
# Clients behind a shared address (NAT, proxy) are counted together. Check
# whether the threshold leaves enough headroom for them.
enabled = true
filter = http-dos
port = http,https
logpath = /vservers/*/var/log/apache2/ipv4_requests.log
findtime = 60
maxretry = 600
bantime = 43200

[wp-login]
# 5 matches per minute in the www guest's request log, banned for 24 hours.
enabled = true
filter = wp-login
port = http,https
logpath = /vservers/www/var/log/apache2/ipv4_requests.log
findtime = 60
maxretry = 5
bantime = 86400

[wp-xmlrpc]
# 5 matches per minute across all guests, banned for 12 hours.
enabled = true
filter = wp-xmlrpc
port = http,https
logpath = /vservers/*/var/log/apache2/ipv4_requests.log
findtime = 60
maxretry = 5
bantime = 43200

[owncloud]
# 5 matches in 30 seconds, banned for 10 minutes.
# NOTE(review): this is the shortest ban in the file. Confirm that it is
# deliberate for a login-protected service.
enabled = true
filter = owncloud
port = http,https
logpath = /vservers/www/var/log/apache2/ipv4_requests.log
findtime = 30
maxretry = 5
bantime = 600

[pure-ftpd]
# 5 failures in 10 minutes across all guests, banned for 24 hours.
enabled = true
filter = pure-ftpd
port = ftp,ftp-data,ftps,ftps-data
logpath = /vservers/*/var/log/pure-ftpd/ftp.log
findtime = 600
maxretry = 5
bantime = 86400