diff --git a/.gitignore b/.gitignore
index 6cf2b8e6..fc55b270 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ docker-compose.yml
 test/config/empty/
 test/config/postfix-accounts.cf
 test/config/letsencrypt/mail.my-domain.com/combined.pem
+test/onedir
diff --git a/config/fail2ban-jail.cf b/config/fail2ban-jail.cf
new file mode 100644
index 00000000..7b426c4a
--- /dev/null
+++ b/config/fail2ban-jail.cf
@@ -0,0 +1,11 @@
+[DEFAULT]
+
+# "bantime" is the number of seconds that a host is banned.
+#bantime  = 10800
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+#findtime  = 600
+
+# "maxretry" is the number of failures before a host get banned.
+#maxretry = 3
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index a7a85033..37859b28 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -263,8 +263,13 @@ SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag
 SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults
 test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
 
-# Disable logrotate config for fail2ban if not enabled
-test -z "$ENABLE_FAIL2BAN" && rm -f /etc/logrotate.d/fail2ban
+if [ "$ENABLE_FAIL2BAN" = 1 ]; then
+  test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local
+else
+  # Disable logrotate config for fail2ban if not enabled
+  rm -f /etc/logrotate.d/fail2ban
+fi
+
 # Fix cron.daily for spamassassin
 sed -i -e 's/invoke-rc.d spamassassin reload/\/etc\/init\.d\/spamassassin reload/g' /etc/cron.daily/spamassassin
 
diff --git a/test/config/fail2ban-jail.cf b/test/config/fail2ban-jail.cf
new file mode 100644
index 00000000..eee1f8ff
--- /dev/null
+++ b/test/config/fail2ban-jail.cf
@@ -0,0 +1,11 @@
+[DEFAULT]
+
+# "bantime" is the number of seconds that a host is banned.
+bantime  = 1234
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime  = 321
+
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 2
diff --git a/test/tests.bats b/test/tests.bats
index a8e954af..c12bf711 100644
--- a/test/tests.bats
+++ b/test/tests.bats
@@ -366,32 +366,56 @@
   [ "$status" -eq 0 ]
 }
 
+@test "checking fail2ban: fail2ban-jail.cf overrides" {
+  FILTERS=(sshd postfix dovecot postfix-sasl)
+
+  for FILTER in "${FILTERS[@]}"; do
+    run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER bantime"
+    [ "$output" = 1234 ]
+
+    run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER findtime"
+    [ "$output" = 321 ]
+
+    run docker exec mail_fail2ban /bin/sh -c "fail2ban-client get $FILTER maxretry"
+    [ "$output" = 2 ]
+  done
+}
+
 @test "checking fail2ban: ban ip on multiple failed login" {
   # Getting mail_fail2ban container IP
   MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban)
+
   # Create a container which will send wront authentications and should banned
-  docker run --name fail-auth-mailer -e MAIL_FAIL2BAN_IP=$MAIL_FAIL2BAN_IP -v "$(pwd)/test":/tmp/docker-mailserver-test -d `docker inspect --format '{{ .Config.Image }}' mail` tail -f /var/log/faillog
-  docker exec fail-auth-mailer /bin/sh -c 'nc $MAIL_FAIL2BAN_IP 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt'
+  docker run --name fail-auth-mailer -e MAIL_FAIL2BAN_IP=$MAIL_FAIL2BAN_IP -v "$(pwd)/test":/tmp/docker-mailserver-test -d $(docker inspect --format '{{ .Config.Image }}' mail) tail -f /var/log/faillog
+
   docker exec fail-auth-mailer /bin/sh -c 'nc $MAIL_FAIL2BAN_IP 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt'
   docker exec fail-auth-mailer /bin/sh -c 'nc $MAIL_FAIL2BAN_IP 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt'
+
   sleep 5
+
   # Checking that FAIL_AUTH_MAILER_IP is banned in mail_fail2ban
   FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer)
-  run docker exec mail_fail2ban /bin/sh -c "export FAIL_AUTH_MAILER_IP=$FAIL_AUTH_MAILER_IP && fail2ban-client status postfix-sasl | grep '$FAIL_AUTH_MAILER_IP'"
+
+  run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep '$FAIL_AUTH_MAILER_IP'"
   [ "$status" -eq 0 ]
-  # Checking that FAIL_AUTH_MAILER_IP is banned in /etc/hosts.deny
-  run docker exec mail_fail2ban /bin/sh -c "export FAIL_AUTH_MAILER_IP=$FAIL_AUTH_MAILER_IP && iptables -L | grep 'REJECT     all  --  $FAIL_AUTH_MAILER_IP'"
+
+  # Checking that FAIL_AUTH_MAILER_IP is banned by iptables
+  run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'"
   [ "$status" -eq 0 ]
 }
 
 @test "checking fail2ban: unban ip works" {
   FAIL_AUTH_MAILER_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' fail-auth-mailer)
+
   docker exec mail_fail2ban fail2ban-client set postfix-sasl unbanip $FAIL_AUTH_MAILER_IP
+
   sleep 5
+
   run docker exec mail_fail2ban /bin/sh -c "fail2ban-client status postfix-sasl | grep 'IP list:.*$FAIL_AUTH_MAILER_IP'"
   [ "$status" -eq 1 ]
-  # Checking that FAIL_AUTH_MAILER_IP is unbanned in /etc/hosts.deny
-  run docker exec mail_fail2ban /bin/sh -c "export FAIL_AUTH_MAILER_IP=$FAIL_AUTH_MAILER_IP && iptables -L | grep 'REJECT     all  --  $FAIL_AUTH_MAILER_IP'"
+
+  # Checking that FAIL_AUTH_MAILER_IP is unbanned by iptables
+  run docker exec mail_fail2ban /bin/sh -c "iptables -L f2b-postfix-sasl -n | grep REJECT | grep '$FAIL_AUTH_MAILER_IP'"
   [ "$status" -eq 1 ]
 }