summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/Postfix.hs
diff options
context:
space:
mode:
authorJoey Hess2015-11-26 09:48:42 -0400
committerJoey Hess2015-11-26 09:50:00 -0400
commit1ae0ca973d5e3dace1dd7dc881e0266ced344978 (patch)
treeab1327da55fc2acd5dc01a7d01facff3e44869e1 /src/Propellor/Property/Postfix.hs
parentf736486013ba3d317cac808f490c1bfa956605f4 (diff)
Added Propellor.Property.Fail2Ban.
Diffstat (limited to 'src/Propellor/Property/Postfix.hs')
-rw-r--r--src/Propellor/Property/Postfix.hs5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs
index 20492dc6..356a945f 100644
--- a/src/Propellor/Property/Postfix.hs
+++ b/src/Propellor/Property/Postfix.hs
@@ -134,6 +134,11 @@ dedupCf ls =
-- Does not configure postfix to use it; eg @smtpd_sasl_auth_enable = yes@
-- needs to be set to enable use. See
-- <https://wiki.debian.org/PostfixAndSASL>.
+--
+-- Password brute force attacks are possible when SASL auth is enabled.
+-- It would be wise to enable fail2ban, for example:
+--
+-- > Fail2Ban.jailEnabled "postfix-sasl"
saslAuthdInstalled :: Property NoInfo
saslAuthdInstalled = setupdaemon
`requires` Service.running "saslauthd"