iredmail / dockerized

Official dockerized iRedMail.

Home Page: https://www.iredmail.org/

add fail2ban postfix-flood-attack.local

blacksteel1288 opened this issue · comments

commented

The postfix flood attack jail & filter is missing from the current fail2ban configs in the dockerized iredmail. It'd be helpful to either add it as a standard rule or allow customization of fail2ban, so it can be configured somehow.

e.g. in a standard config it would be --->

in /etc/fail2ban/jail.local, add:

[postfix-flood-attack]
enabled  = true
bantime  = 10m
filter   = postfix-flood-attack
action   = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath  = /var/log/mail.log

and in /etc/fail2ban/filter.d/postfix-flood-attack.conf

[Definition]
failregex = lost connection after AUTH from (.*)\[<HOST>\]
ignoreregex =

I realize the iredmail container configs use jails-available with symbolic links, etc., so this would need to be adapted to that setup.
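
To see which log lines the filter posted above would count, here is an added example (not part of the issue and not iRedMail's or fail2ban's own code) that applies the posted failregex to constructed Postfix log lines, using a simplified stand-in for fail2ban's `<HOST>` tag. `MAXRETRY`, `FINDTIME`, the helper names and the sample lines are assumptions; the post itself sets only `bantime`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex from the post; <HOST> is swapped for a simplified IPv4/IPv6 capture.
FAILREGEX = r"lost connection after AUTH from (.*)\[<HOST>\]"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F:]*:[0-9a-fA-F:]+)"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Assumed thresholds (not given in the post).
MAXRETRY = 3
FINDTIME = timedelta(minutes=10)

# Constructed sample lines in Postfix syslog format (documentation addresses).
SAMPLE_LOG = """\
Mar  1 10:00:01 mail postfix/smtpd[1201]: lost connection after AUTH from unknown[203.0.113.7]
Mar  1 10:00:09 mail postfix/smtpd[1202]: lost connection after AUTH from unknown[203.0.113.7]
Mar  1 10:00:12 mail postfix/smtpd[1203]: lost connection after EHLO from unknown[198.51.100.4]
Mar  1 10:00:20 mail postfix/submission/smtpd[1204]: lost connection after AUTH from host.example[203.0.113.7]
Mar  1 10:05:00 mail postfix/smtpd[1205]: lost connection after AUTH from unknown[198.51.100.9]
Mar  1 10:30:00 mail postfix/smtpd[1206]: lost connection after AUTH from unknown[198.51.100.9]
Mar  1 10:31:00 mail postfix/smtpd[1207]: lost connection after AUTH from unknown[2001:db8::25]
"""

def parse_time(line, year=2024):  # syslog timestamps carry no year; one is assumed
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def matched_hosts(log_text):
    """Hosts captured by the filter, one entry per matching line."""
    return [m.group("host") for m in map(PATTERN.search, log_text.splitlines()) if m]

def find_bans(log_text):
    """Return {host: time of the failure that reached MAXRETRY within FINDTIME}."""
    recent = defaultdict(deque)
    bans = {}
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m or m.group("host") in bans:
            continue
        host, when = m.group("host"), parse_time(line)
        window = recent[host]
        window.append(when)
        while when - window[0] > FINDTIME:  # drop failures older than the window
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[host] = when
    return bans

if __name__ == "__main__":
    print(matched_hosts(SAMPLE_LOG), find_bans(SAMPLE_LOG))
```

The `EHLO` disconnect is ignored by the filter, and the two failures from 198.51.100.9 are 25 minutes apart, so they never share a window.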

commented

Yes, I do see those config files, but it doesn't appear to work. Was it tested in the stable branch of the docker container?

Also, that setup doesn't allow for customization of ban times for this specific attack, which you may want to be different from the other jails.

As a dockerized app, you can write your own jail config file, then mount it to override the iRedMail one. :)

commented

It'd be great to make these kinds of overrides on top of the latest stable image, so I don't have to repeat it if anything changes. Is a new stable image on the way?