From 1ae0ca973d5e3dace1dd7dc881e0266ced344978 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 26 Nov 2015 09:48:42 -0400 Subject: Added Propellor.Property.Fail2Ban. --- src/Propellor/Property/Postfix.hs | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 20492dc6..356a945f 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -134,6 +134,11 @@ dedupCf ls = -- Does not configure postfix to use it; eg @smtpd_sasl_auth_enable = yes@ -- needs to be set to enable use. See -- . +-- +-- Password brute force attacks are possible when SASL auth is enabled. +-- It would be wise to enable fail2ban, for example: +-- +-- > Fail2Ban.jailEnabled "postfix-sasl" saslAuthdInstalled :: Property NoInfo saslAuthdInstalled = setupdaemon `requires` Service.running "saslauthd" -- cgit v1.2.3