fail2ban setting 8.8.9 / Ubuntu 16.04

[wupperi]

Good morning,

I am now to Zimbra, however I got the system up an running without any major issues.
My system runs on Ubuntu 16.04 LTS The

Code: Select all

 zmcontrol -v 

outputs:

(Release 8.8.9.GA.3019.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.9_P9.)

I am, however struggeling getting the right jail.conf and zimbra.conf filter in place, as to secure my install a bit dowen further.
My fail2ban version in the distro is 0.9.3.

I am sure there must be zimbra installs out there with above profile, could someone maybe post me his settings, pls.

Br, wupperi

[axslingr]

Follow this blog post:

https://www.missioncriticalemail.com/20 ... -together/

That, together with the postfix, postfix-auth, and postfix-sasl jalls that come with fail2ban, is all I use.

Lance

[maxxer]

Follow this blog post:

https://www.missioncriticalemail.com/20 ... -together/

That, together with the postfix, postfix-auth, and postfix-sasl jalls that come with fail2ban, is all I use.

Lance

this is very useful, thank to the precious work of @Mark.

What I found sometimes annoying is that if someone is bruteforcing against a mailbox with several IPs, and DoSFilter fails to block this attempt, the user will end up with a locked mailbox unable to work. I saw in the past a lot of attempts from hundreds of IPs.

How to deal with distributed bruteforce?