diff --git a/data/Dockerfiles/netfilter/Dockerfile b/data/Dockerfiles/netfilter/Dockerfile index 7ed44192..76175dac 100644 --- a/data/Dockerfiles/netfilter/Dockerfile +++ b/data/Dockerfiles/netfilter/Dockerfile @@ -5,9 +5,10 @@ ENV XTABLES_LIBDIR /usr/lib/xtables ENV PYTHON_IPTABLES_XTABLES_VERSION 12 ENV IPTABLES_LIBDIR /usr/lib -RUN apk add -U python3 python3-dev gcc musl-dev iptables ip6tables tzdata \ +RUN apk add --virtual .build-deps gcc python3-dev musl-dev libffi-dev openssl-dev \ + && apk add -U python3 iptables ip6tables tzdata \ && pip3 install --upgrade python-iptables==0.13.0 redis ipaddress dnspython \ - && apk del python3-dev gcc + && apk del .build-deps COPY server.py / CMD ["python3", "-u", "/server.py"] diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh index 0132fa97..d2e1924c 100755 --- a/data/Dockerfiles/watchdog/watchdog.sh +++ b/data/Dockerfiles/watchdog/watchdog.sh @@ -687,8 +687,8 @@ while true; do for host in "${F2B_RES[@]}"; do log_msg "Banned ${host}" rm /tmp/fail2ban 2> /dev/null - whois ${host} > /tmp/fail2ban - [[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${com_pipe_answer}" "IP ban: ${host}" + whois ${host} > /tmp/fail2ban + [[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && [[ ${WATCHDOG_NOTIFY_BAN} =~ ^([yY][eE][sS]|[yY])+$ ]] && mail_error "${com_pipe_answer}" "IP ban: ${host}" done elif [[ ${com_pipe_answer} =~ .+-mailcow ]]; then kill -STOP ${BACKGROUND_TASKS[*]} diff --git a/docker-compose.yml b/docker-compose.yml index 7dc15f2b..2246ab39 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -340,7 +340,7 @@ services: - acme netfilter-mailcow: - image: mailcow/netfilter:1.25 + image: mailcow/netfilter:1.26 build: ./data/Dockerfiles/netfilter stop_grace_period: 30s depends_on: @@ -364,7 +364,7 @@ services: - /lib/modules:/lib/modules:ro watchdog-mailcow: - image: mailcow/watchdog:1.46 + image: mailcow/watchdog:1.47 # Debug #command: /watchdog.sh build: ./data/Dockerfiles/watchdog @@ -381,6 +381,7 @@ services: - DBPASS=${DBPASS} - USE_WATCHDOG=${USE_WATCHDOG:-n} - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL} + - WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y} - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1} - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0} diff --git a/generate_config.sh b/generate_config.sh index abcce68d..27c9a0b7 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -195,10 +195,12 @@ SKIP_HTTP_VERIFICATION=n SKIP_CLAMD=${SKIP_CLAMD} # Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1. + SKIP_SOLR=${SKIP_SOLR} # Solr heap size in MB, there is no recommendation, please see Solr docs. # Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended. + SOLR_HEAP=1024 # Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental) @@ -215,6 +217,9 @@ ALLOW_ADMIN_EMAIL_LOGIN=n #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com #WATCHDOG_NOTIFY_EMAIL= +# Notify about banned IP (includes whois lookup) +WATCHDOG_NOTIFY_BAN=y + # Max log lines per service to keep in Redis logs LOG_LINES=9999 diff --git a/update.sh b/update.sh index 913da049..b034d3cf 100755 --- a/update.sh +++ b/update.sh @@ -256,6 +256,12 @@ for option in ${CONFIG_ARRAY[@]}; do echo "#MAILDIR_SUB=Maildir" >> mailcow.conf echo "MAILDIR_SUB=" >> mailcow.conf fi + elif [[ ${option} == "WATCHDOG_NOTIFY_BAN" ]]; then + if ! grep -q ${option} mailcow.conf; then + echo "Adding new option \"${option}\" to mailcow.conf" + echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf + echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf + fi elif ! grep -q ${option} mailcow.conf; then echo "Adding new option \"${option}\" to mailcow.conf" echo "${option}=n" >> mailcow.conf