authorLuke Smith <luke@lukesmith.xyz>2023-01-31 14:11:14 -0500
committerLuke Smith <luke@lukesmith.xyz>2023-01-31 14:11:14 -0500
commit78ba13f03be0da09370d49e476c34640aca928cd (patch)
tree14fe45e6c2da63c3e91ebc847c5b1efaa6a548ec
parent250ffa2ea2bc02263a2cf8522edeb9471c5bc2aa (diff)
fail2ban added and configured for extra security
-rw-r--r--README.md2
-rw-r--r--emailwiz.sh14
2 files changed, 14 insertions, 2 deletions
diff --git a/README.md b/README.md
index 9f14814..f08a3ae 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,8 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
- **Spamassassin** to prevent spam and allow you to make custom filters.
- **OpenDKIM** to validate you so you can send to Gmail and other big sites.
- The required SSL certificates if not already present.
+- **fail2ban** to increase server security, with enabled modules for the above
+ programs.
## This script does _not_
diff --git a/emailwiz.sh b/emailwiz.sh
index 7d95579..9e6c04a 100644
--- a/emailwiz.sh
+++ b/emailwiz.sh
@@ -29,7 +29,7 @@
umask 0022
-apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools
+apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools fail2ban
# Check if OpenDKIM is installed and install it if not.
which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
domain="$(cat /etc/mailname)"
@@ -311,7 +311,17 @@ postconf -e 'smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynet
/lib/opendkim/opendkim.service.generate
systemctl daemon-reload
-for x in spamassassin opendkim dovecot postfix; do
+# Enable fail2ban security for dovecot and postfix.
+[ ! -f /etc/fail2ban/jail.d/emailwiz.local ] && echo "[postfix]
+enabled = true
+[postfix-sasl]
+enabled = true
+[sieve]
+enabled = true
+[dovecot]
+enabled = true" > /etc/fail2ban/jail.d/emailwiz.local
+
+for x in spamassassin opendkim dovecot postfix fail2ban; do
printf "Restarting %s..." "$x"
service "$x" restart && printf " ...done\\n"
systemctl enable "$x"
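Review bot: A fail2ban start failure goes unnoticed in the restart loop, because `service "$x" restart && printf " ...done\\n"` prints nothing when the restart fails and the script carries on, so the host can end up without the brute-force protection the README now advertises. fail2ban refuses to start when an enabled jail cannot find its log file, which may be the case on hosts that log only to the journal (an assumption about the target system, not something visible in this hunk). After the loop, a check such as `fail2ban-client ping >/dev/null 2>&1 || echo "fail2ban is not running; check /etc/fail2ban/jail.d/emailwiz.local" >&2` would surface it. The four jails are enabled with the distribution's default ban time and retry count, and a comment above the `echo` saying so would tell the admin where to tune them. The `for` loop closes outside the hunk.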