diff --git a/README.md b/README.md
index fc0d7aa..b80cac1 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
 # Readme
 
 [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=confdroid_fail2ban&style=plastic)](https://jenkins.confdroid.com/job/confdroid_fail2ban/)
+[![Security Hotspots](https://sonarqube.confdroid.com/api/project_badges/measure?project=confdroid_fail2ban&metric=security_hotspots&token=sqb_9fa4789fabfda384f78fcdeb3ade3efce6225e64)](https://sonarqube.confdroid.com/dashboard?id=confdroid_fail2ban)
 
 - [Readme](#readme)
   - [Synopsis](#synopsis)
@@ -36,6 +37,15 @@ Configuration
 
 - manage directory structure  (file system permissions, selinux context)
 - manage configuration files   (file system permissions, selinux context, content based on parameters)
+  - fail2ban.conf
+  - fail2ban.local
+  - jail.conf
+  - jail.local ( overrides default settings in jail.conf)
+
+> Every setting in .local files has a parameter in params.pp, which can be overridden in ENC based on fqdn, hostgroup etc. (recommended) or directly in params.pp. Typical parameters to override are:
+
+- `fn_destemail`: the email address to be notified
+- `fn_bantime`: the the time an attacker IP is banned.
 
 Service
 
diff --git a/manifests/params.pp b/manifests/params.pp
index 012ae00..23fcab3 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -133,7 +133,6 @@ class confdroid_fail2ban::params (
   Boolean $fn_enabled                 = false,
   String $fn_filter                   = '%(__name__)s',
   String $fn_destemail                = 'root@localhost',
-  #String $fn_sender                   = "fail2ban@${fqdn}",
   String $fn_mta                      = 'sendmail',
   String $fn_protocol                 = 'tcp',
   String $fn_chain                    = 'INPUT',