From 8984240e44df9f3ed6e7ad5d84ade10c0e124e51 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 13 Jun 2019 19:38:53 +0200
Subject: [PATCH] [Watchdog, Config] Added WATCHDOG_NOTIFY_BAN to disable IP
 ban notifications [Netfilter] Remove unused files after installation
 [Compose] Some new images and a new option for watchdog: WATCHDOG_NOTIFY_BAN
 - defaults to y

---
 data/Dockerfiles/netfilter/Dockerfile | 5 +++--
 data/Dockerfiles/watchdog/watchdog.sh | 4 ++--
 docker-compose.yml                    | 5 +++--
 generate_config.sh                    | 5 +++++
 update.sh                             | 6 ++++++
 5 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/data/Dockerfiles/netfilter/Dockerfile b/data/Dockerfiles/netfilter/Dockerfile
index 7ed44192..76175dac 100644
--- a/data/Dockerfiles/netfilter/Dockerfile
+++ b/data/Dockerfiles/netfilter/Dockerfile
@@ -5,9 +5,10 @@ ENV XTABLES_LIBDIR /usr/lib/xtables
 ENV PYTHON_IPTABLES_XTABLES_VERSION 12
 ENV IPTABLES_LIBDIR /usr/lib
 
-RUN apk add -U python3 python3-dev gcc musl-dev iptables ip6tables tzdata \
+RUN apk add --virtual .build-deps gcc python3-dev musl-dev libffi-dev openssl-dev \
+  && apk add -U python3 iptables ip6tables tzdata \
   && pip3 install --upgrade python-iptables==0.13.0 redis ipaddress dnspython \
-  && apk del python3-dev gcc
+  && apk del .build-deps
 
 COPY server.py /
 CMD ["python3", "-u", "/server.py"]
diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index 0132fa97..d2e1924c 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -687,8 +687,8 @@ while true; do
     for host in "${F2B_RES[@]}"; do
       log_msg "Banned ${host}"
       rm /tmp/fail2ban 2> /dev/null
-      whois ${host} > /tmp/fail2ban 
-      [[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${com_pipe_answer}" "IP ban: ${host}"
+      whois ${host} > /tmp/fail2ban
+      [[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && [[ ${WATCHDOG_NOTIFY_BAN} =~ ^([yY][eE][sS]|[yY])+$ ]] && mail_error "${com_pipe_answer}" "IP ban: ${host}"
     done
   elif [[ ${com_pipe_answer} =~ .+-mailcow ]]; then
     kill -STOP ${BACKGROUND_TASKS[*]}
diff --git a/docker-compose.yml b/docker-compose.yml
index 7dc15f2b..2246ab39 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -340,7 +340,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.25
+      image: mailcow/netfilter:1.26
       build: ./data/Dockerfiles/netfilter
       stop_grace_period: 30s
       depends_on:
@@ -364,7 +364,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:1.46
+      image: mailcow/watchdog:1.47
       # Debug
       #command: /watchdog.sh
       build: ./data/Dockerfiles/watchdog
@@ -381,6 +381,7 @@ services:
         - DBPASS=${DBPASS}
         - USE_WATCHDOG=${USE_WATCHDOG:-n}
         - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL}
+        - WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
         - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
         - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}
diff --git a/generate_config.sh b/generate_config.sh
index abcce68d..27c9a0b7 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -195,10 +195,12 @@ SKIP_HTTP_VERIFICATION=n
 SKIP_CLAMD=${SKIP_CLAMD}
 
 # Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
+
 SKIP_SOLR=${SKIP_SOLR}
 
 # Solr heap size in MB, there is no recommendation, please see Solr docs.
 # Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
+
 SOLR_HEAP=1024
 
 # Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental)
@@ -215,6 +217,9 @@ ALLOW_ADMIN_EMAIL_LOGIN=n
 #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
 #WATCHDOG_NOTIFY_EMAIL=
 
+# Notify about banned IP (includes whois lookup)
+WATCHDOG_NOTIFY_BAN=y
+
 # Max log lines per service to keep in Redis logs
 
 LOG_LINES=9999
diff --git a/update.sh b/update.sh
index 913da049..b034d3cf 100755
--- a/update.sh
+++ b/update.sh
@@ -256,6 +256,12 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
       echo "MAILDIR_SUB=" >> mailcow.conf
   fi
+  elif [[ ${option} == "WATCHDOG_NOTIFY_BAN" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
+      echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
+  fi
   elif ! grep -q ${option} mailcow.conf; then
     echo "Adding new option \"${option}\" to mailcow.conf"
     echo "${option}=n" >> mailcow.conf