Fail2Ban Demystified: Custom Fail2Ban Actions

October 1, 2024 Reading time: 33 minutes

Fail2Ban is a powerful security tool that bridges your public-facing network services (ssh, mail server, web server, etc.) and your firewall. The Fail2Ban daemon constantly monitors your server logs, looking for troublemakers. When an intruder or suspicious activity is detected, it takes action! By default, Fail2Ban writes a temporary firewall rule that blocks the offender’s IP address on selected ports for a short period of time.

The real power in Fail2Ban, though, lies in its customizability. Using custom action scripts, admins can configure how Fail2Ban responds to threats, extending its abilities far beyond simply interfacing with the firewall. For example, you can define actions that will send an email or notification, write to a log file or database, invoke a web API, react differently in different contexts, and so on. The possibilities are unlimited!

This article explains how actions in Fail2Ban are defined and customized so that you can get the most out of Fail2Ban.

Read more

Postfix Demystified: Incoming Mail Restrictions

September 24, 2024 Reading time: 40 minutes

There was a time in the early days of the internet when spam, phishing, CEO impersonation, email trojans, and other forms of email abuse were not a thing. Mail servers would happily accept mail from any domain and forward it along to any other domain with no worry of being an unwitting accomplice in evildoing. Alas, those blissful days are long gone and, today, a mail server’s incoming mail policy is a critical early line of defense against these threats.

In this article, you will learn how to configure Postfix to enforce a simple mail acceptance policy for your domain(s). Your policy is determined by the role(s) your server will play (relay, destination, send-only, etc.), where your users typically connect from, and your tolerance for spam and misbehaving mail clients, among other considerations.

Read more