[Watchdog, Config] Added WATCHDOG_NOTIFY_BAN to disable IP ban notifications

[Netfilter] Remove unused files after installation
[Compose] Some new images and a new option for watchdog: WATCHDOG_NOTIFY_BAN - defaults to y
andryyy 2019-06-13 19:38:53 +02:00
parent e43951331c
commit 8984240e44
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
5 changed files with 19 additions and 6 deletions


@ -5,9 +5,10 @@ ENV XTABLES_LIBDIR /usr/lib/xtables
ENV PYTHON_IPTABLES_XTABLES_VERSION 12 ENV PYTHON_IPTABLES_XTABLES_VERSION 12
ENV IPTABLES_LIBDIR /usr/lib ENV IPTABLES_LIBDIR /usr/lib
RUN apk add -U python3 python3-dev gcc musl-dev iptables ip6tables tzdata \ RUN apk add --virtual .build-deps gcc python3-dev musl-dev libffi-dev openssl-dev \
&& apk add -U python3 iptables ip6tables tzdata \
&& pip3 install --upgrade python-iptables==0.13.0 redis ipaddress dnspython \ && pip3 install --upgrade python-iptables==0.13.0 redis ipaddress dnspython \
&& apk del python3-dev gcc && apk del .build-deps
COPY server.py / COPY server.py /
CMD ["python3", "-u", "/server.py"] CMD ["python3", "-u", "/server.py"]
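Review bot: Only `python-iptables` is pinned in the `pip3 install --upgrade` line; `redis`, `ipaddress` and `dnspython` resolve to whatever PyPI serves at build time, so two builds of the same `mailcow/netfilter` tag can ship different code. Pinning them too, `pip3 install python-iptables==0.13.0 redis==<version> ipaddress==<version> dnspython==<version>` (versions are placeholders), ideally with hashes from a requirements file, makes a dependency change an explicit commit. Since the commit's stated aim is to remove unused files, `--no-cache-dir` on the same `pip3 install` would also keep pip's download cache out of the layer.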


@ -687,8 +687,8 @@ while true; do
for host in "${F2B_RES[@]}"; do for host in "${F2B_RES[@]}"; do
log_msg "Banned ${host}" log_msg "Banned ${host}"
rm /tmp/fail2ban 2> /dev/null rm /tmp/fail2ban 2> /dev/null
whois ${host} > /tmp/fail2ban whois ${host} > /tmp/fail2ban
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${com_pipe_answer}" "IP ban: ${host}" [[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && [[ ${WATCHDOG_NOTIFY_BAN} =~ ^([yY][eE][sS]|[yY])+$ ]] && mail_error "${com_pipe_answer}" "IP ban: ${host}"
done done
elif [[ ${com_pipe_answer} =~ .+-mailcow ]]; then elif [[ ${com_pipe_answer} =~ .+-mailcow ]]; then
kill -STOP ${BACKGROUND_TASKS[*]} kill -STOP ${BACKGROUND_TASKS[*]}
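Review bot: The `whois ${host} > /tmp/fail2ban` call above the new condition still runs for every banned address when `WATCHDOG_NOTIFY_BAN` is off or no notify address is set, so disabling the option does not stop the outbound lookup that the config comment ties to it. Moving the lookup under the same condition avoids sending banned addresses to whois servers when nobody will read the result, and `${host}` should be quoted there because it is expanded unquoted into the command line. This assumes `mail_error` is the only reader of `/tmp/fail2ban`, which the hunk does not show. The surrounding `while`/`if` chain starts and ends outside the hunk.

```shell
for host in "${F2B_RES[@]}"; do
  # … unchanged: log_msg, rm /tmp/fail2ban …
  if [[ -n ${WATCHDOG_NOTIFY_EMAIL} ]] && [[ ${WATCHDOG_NOTIFY_BAN} =~ ^([yY][eE][sS]|[yY])+$ ]]; then
    # Look up and mail only when ban notifications are enabled.
    whois "${host}" > /tmp/fail2ban
    mail_error "${com_pipe_answer}" "IP ban: ${host}"
  fi
```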


@ -340,7 +340,7 @@ services:
- acme - acme
netfilter-mailcow: netfilter-mailcow:
image: mailcow/netfilter:1.25 image: mailcow/netfilter:1.26
build: ./data/Dockerfiles/netfilter build: ./data/Dockerfiles/netfilter
stop_grace_period: 30s stop_grace_period: 30s
depends_on: depends_on:
@ -364,7 +364,7 @@ services:
- /lib/modules:/lib/modules:ro - /lib/modules:/lib/modules:ro
watchdog-mailcow: watchdog-mailcow:
image: mailcow/watchdog:1.46 image: mailcow/watchdog:1.47
# Debug # Debug
#command: /watchdog.sh #command: /watchdog.sh
build: ./data/Dockerfiles/watchdog build: ./data/Dockerfiles/watchdog
@ -381,6 +381,7 @@ services:
- DBPASS=${DBPASS} - DBPASS=${DBPASS}
- USE_WATCHDOG=${USE_WATCHDOG:-n} - USE_WATCHDOG=${USE_WATCHDOG:-n}
- WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL} - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL}
- WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
- IPV4_NETWORK=${IPV4_NETWORK:-172.22.1} - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
- IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0} - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}


@ -195,10 +195,12 @@ SKIP_HTTP_VERIFICATION=n
SKIP_CLAMD=${SKIP_CLAMD} SKIP_CLAMD=${SKIP_CLAMD}
# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1. # Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
SKIP_SOLR=${SKIP_SOLR} SKIP_SOLR=${SKIP_SOLR}
# Solr heap size in MB, there is no recommendation, please see Solr docs. # Solr heap size in MB, there is no recommendation, please see Solr docs.
# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended. # Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
SOLR_HEAP=1024 SOLR_HEAP=1024
# Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental) # Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental)
@ -215,6 +217,9 @@ ALLOW_ADMIN_EMAIL_LOGIN=n
#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
#WATCHDOG_NOTIFY_EMAIL= #WATCHDOG_NOTIFY_EMAIL=
# Notify about banned IP (includes whois lookup)
WATCHDOG_NOTIFY_BAN=y
# Max log lines per service to keep in Redis logs # Max log lines per service to keep in Redis logs
LOG_LINES=9999 LOG_LINES=9999
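Review bot: The comment added for `WATCHDOG_NOTIFY_BAN` does not say that the option only takes effect when `WATCHDOG_NOTIFY_EMAIL` is set, which is how the watchdog condition in this commit uses it. I would word it as `# Notify about banned IP (includes whois lookup); only used when WATCHDOG_NOTIFY_EMAIL is set`, and mention that the accepted values are `y`/`yes` in any case.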


@ -256,6 +256,12 @@ for option in ${CONFIG_ARRAY[@]}; do
echo "#MAILDIR_SUB=Maildir" >> mailcow.conf echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
echo "MAILDIR_SUB=" >> mailcow.conf echo "MAILDIR_SUB=" >> mailcow.conf
fi fi
elif [[ ${option} == "WATCHDOG_NOTIFY_BAN" ]]; then
if ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf"
echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
fi
elif ! grep -q ${option} mailcow.conf; then elif ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf" echo "Adding new option \"${option}\" to mailcow.conf"
echo "${option}=n" >> mailcow.conf echo "${option}=n" >> mailcow.conf
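Review bot: The presence test `grep -q ${option} mailcow.conf` in the new branch matches the name anywhere in the file, so a comment that merely mentions `WATCHDOG_NOTIFY_BAN`, or a longer key containing it, counts as configured and the default is never written. Quoting and anchoring it, for example `grep -qE "^#?${option}=" mailcow.conf`, limits the match to an actual or commented-out assignment. The fallback `elif` below uses the same unanchored test and would need the same change. The `for` loop this branch belongs to starts and ends outside the hunk.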