# ------------------------------------------------------------------------------ #
#                                                                                #
# FAIL 2 BAN Configuration file                                                  #
#                                                                                #
# Author : Jonathan Dray                                                         #
# Version : 1.0                                                                  #
# Date : 2008.04.22                                                              #
#                                                                                #
# ------------------------------------------------------------------------------ #




# ************************* #
#                           #
#  Default Section          #
#                           #
# ************************* #
[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1
bantime  = 600
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
#      This issue left ToDo, so polling is default backend for now
backend = polling

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = admin@mydomain.com




# ************************* #
#                           #
#  Actions definition       #
#                           #
# ************************* #
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define 
# action_* variables. Can be overriden globally or per 
# section within jail.local file
banaction = iptables-multiport

# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail

# Default protocol
protocol = tcp

#
# Action shortcuts. To be used to define action parameter

# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]

# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s]
 
# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section 
action = %(action_mwl)s




# ************************* #
#                           #
#  Jail definition          #
#                           #
# ************************* #
[ssh]

enabled = true
port	= 32
filter	= sshd
logpath  = /var/log/auth.log
maxretry = 6


[ssh-ddos]

enabled = true
port    = 32
filter  = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 6


[postfix]

enabled  = true
port	 = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log


[courierauth]

enabled  = true
port	 = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter   = courierlogin
logpath  = /var/log/mail.log