Mailcow Templates
Protection templates for the Mailcow Docker mail server stack. These templates monitor Docker container logs.
These templates are designed for Mailcow running in Docker. For standard Postfix/Dovecot installations, use the Mail Templates.
How Docker Templates Work
- Bloqd creates a log streaming systemd service
- Service streams container logs to a file
- fail2ban monitors the log file
- Backend is set to polling for Docker logs
Log location: /var/log/bloqd/mailcow-postfix.log
mailcow-sasl
SASL authentication failures for Mailcow Postfix.
| Setting | Default |
|---|---|
| Port | 25, 465, 587 |
| Log Path | /var/log/bloqd/mailcow-postfix.log |
| Max Retry | 3 |
| Find Time | 10 minutes |
| Ban Time | 24 hours |
Container
Monitors: postfix-mailcow
mailcow-pregreet
Detects spam bots that violate SMTP protocol by sending data before the greeting.
| Setting | Default |
|---|---|
| Port | 25 |
| Log Path | /var/log/bloqd/mailcow-postfix.log |
| Max Retry | 1 |
| Find Time | 1 hour |
| Ban Time | 1 week |
Detected Patterns
- PREGREET (sent data before server greeting)
- HANGUP (disconnected during handshake)
- NON-SMTP COMMAND (invalid protocol)
Why Max Retry = 1?
These violations are almost always from spam bots, never from legitimate clients. A single violation warrants an immediate ban.
Why Long Ban Time?
Spam bots rarely change behavior. A 1-week ban:
- Significantly reduces spam attempts
- Frees up server resources
- Bot may move to other targets
mailcow-dnsbl
Bans IPs with high DNSBL (blacklist) scores.
| Setting | Default |
|---|---|
| Port | 25, 465, 587 |
| Log Path | /var/log/bloqd/mailcow-postfix.log |
| Max Retry | 2 |
| Find Time | 30 minutes |
| Ban Time | 1 week |
Only matches DNSBL scores of 12 or higher (significant blacklist presence).
How It Works
- Postscreen checks connecting IP against DNSBLs
- Each list returns a score
- High combined score = known spam source
- fail2ban bans IPs with scores >= 12
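The matching and thresholds of mailcow-pregreet and mailcow-dnsbl, sketched in Python over sample log lines. This is an added example, not Bloqd's filter code: the regexes are assumptions modelled on Postfix postscreen log messages, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Jail settings from the tables above: (maxretry, findtime).
JAILS = {"mailcow-pregreet": (1, timedelta(hours=1)),
         "mailcow-dnsbl": (2, timedelta(minutes=30))}
DNSBL_MIN_RANK = 12

# Assumed regexes modelled on postscreen messages; not Bloqd's shipped filters.
PREGREET_RE = re.compile(
    r"postscreen\[\d+\]: (?:PREGREET \d+ after \S+ from|HANGUP after \S+ from"
    r"|NON-SMTP COMMAND from) \[(?P<ip>[^\]]+)\]:\d+")
DNSBL_RE = re.compile(
    r"postscreen\[\d+\]: DNSBL rank (?P<rank>\d+) for \[(?P<ip>[^\]]+)\]:\d+")

def classify(line):
    """Return (jail, ip) for a line a jail would count, else None."""
    m = PREGREET_RE.search(line)
    if m:
        return "mailcow-pregreet", m["ip"]
    m = DNSBL_RE.search(line)
    if m and int(m["rank"]) >= DNSBL_MIN_RANK:
        return "mailcow-dnsbl", m["ip"]
    return None

def find_bans(lines):
    """Return the (jail, ip) pairs that reach maxretry within findtime."""
    hits, bans = defaultdict(list), set()
    for line in lines:
        result = classify(line)
        if result:
            when = datetime.strptime("2000 " + line[:15], "%Y %b %d %H:%M:%S")
            maxretry, findtime = JAILS[result[0]]
            hits[result] = [t for t in hits[result] if when - t <= findtime] + [when]
            if len(hits[result]) >= maxretry:
                bans.add(result)
    return bans

# Constructed sample lines using documentation-range IPs, not real traffic.
SAMPLE = [
    "Mar 10 12:00:01 mx postfix/postscreen[211]: PREGREET 11 after 0.05 from [198.51.100.7]:40122: EHLO bot\\r\\n",
    "Mar 10 12:00:05 mx postfix/postscreen[211]: DNSBL rank 14 for [203.0.113.5]:51234",
    "Mar 10 12:10:00 mx postfix/postscreen[211]: DNSBL rank 13 for [203.0.113.5]:51300",
    "Mar 10 12:11:00 mx postfix/postscreen[211]: DNSBL rank 5 for [192.0.2.9]:40000",
    "Mar 10 12:12:00 mx postfix/postscreen[211]: DNSBL rank 15 for [192.0.2.44]:40001",
    "Mar 10 13:00:00 mx postfix/postscreen[211]: DNSBL rank 15 for [192.0.2.44]:40002",
    "Mar 10 13:05:00 mx postfix/postscreen[211]: NON-SMTP COMMAND from [198.51.100.80]:4455 after CONNECT: GET / HTTP/1.1",
]
```

In the sample, 192.0.2.9 is ignored because its rank is below 12, and 192.0.2.44 is not banned because its two hits are more than 30 minutes apart.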
Setup Requirements
Docker Log Streaming
The installer automatically creates:
# /etc/systemd/system/bloqd-mailcow-postfix.service
[Unit]
Description=Mailcow Postfix Log Stream
[Service]
ExecStart=/usr/bin/docker logs -f postfix-mailcow
StandardOutput=append:/var/log/bloqd/mailcow-postfix.log
Log Rotation
Add to /etc/logrotate.d/bloqd:
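/var/log/bloqd/mailcow-postfix.log {
    daily
    rotate 7
    compress
    missingok
    notifempty
    # The streaming service keeps this file open (StandardOutput=append:),
    # so rotate it in place; otherwise it keeps writing to the rotated file.
    copytruncate
    create 0640 root root
}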
Recommended Configuration
Aggressive Protection
For servers receiving significant spam:
# mailcow-sasl
maxretry: 2
bantime: 1w
# mailcow-pregreet
maxretry: 1
bantime: 1w
# mailcow-dnsbl
maxretry: 1
bantime: 1w
Troubleshooting
Logs Not Being Captured
- Check Docker container name:
  docker ps | grep postfix
- Check log streaming service:
  systemctl status bloqd-mailcow-postfix
- Verify log file exists:
  ls -la /var/log/bloqd/mailcow-postfix.log
Filter Not Matching
Test filter against logs:
fail2ban-regex /var/log/bloqd/mailcow-postfix.log \
/etc/fail2ban/filter.d/mailcow-sasl.conf