How to protect Zimbra against postfix AUTH DoS attacks

L. Mark Stone
Ambassador
Posts: 2802
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.7 Network Edition

Re: How to protect Zimbra against postfix AUTH DoS attacks

Post by L. Mark Stone »

Xardas999 wrote:
    If I just add to jail.local
    [zimbra]
    enabled=true

    and put this content to zimbra.conf

    then fail2ban-client reload tells me:
    ERROR NOK: ("No 'host' group in '\\[ip=;\\] account \xe2\x80\x94 authentication failed for .* \\(no such account\\)$'",)
Sure, no problem!

The Zimbra portions of my jail.conf file look like this:

# Zimbra
# Note: a multi-valued "action" spans several lines; the continuation lines
# must be indented or fail2ban's ini parser rejects the jail.
[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=hiddenemailaddress.com]
logpath = /var/log/zimbra.log

[zimbra-account]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-account]
         sendmail[name=zimbra-account, dest=hiddenemailaddress.com]
logpath = /opt/zimbra/log/mailbox.log
bantime = 600
maxretry = 10

[zimbra-audit]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-audit]
         sendmail[name=Zimbra-audit, dest=hiddenemailaddress.com]
logpath = /opt/zimbra/log/audit.log
bantime = 600
maxretry = 10

[zimbra-recipient]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-recipient]
         sendmail[name=Zimbra-recipient, dest=hiddenemailaddress.com]
logpath = /var/log/zimbra.log
#findtime = 604800
bantime = 172800
maxretry = 5

[postfix]
enabled = true
filter = postfix
action = iptables-multiport[name=postfix, port=smtp, protocol=tcp]
         sendmail-buffered[name=Postfix, dest=hiddenemailaddress.com]
logpath = /var/log/zimbra.log
bantime = -1
maxretry = 5

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
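The "No 'host' group" error quoted in the question comes from fail2ban's filter loader: every failregex in filter.d/zimbra.conf must contain the <HOST> tag, which fail2ban swaps for a named capture group before compiling, and the quoted pattern has "ip=;" with no tag at all. The following Python check is an added example, not code from this thread or from fail2ban; it reproduces that substitution against constructed mailbox.log lines and assumes a corrected failregex that the page itself does not show.

```python
import re

# fail2ban replaces the <HOST> tag with a named group before compiling a failregex.
# HOST_GROUP is a simplified version of fail2ban's own substitution (IPv4 or hostname).
HOST_TAG = "<HOST>"
HOST_GROUP = r"(?P<host>(?:::f{4,6}:)?(?P<ip4>\d{1,3}(?:\.\d{1,3}){3})|[\w\-.^_]*\w)"

# The failregex exactly as the quoted error reports it: no <HOST> tag, and the
# bytes \xe2\x80\x94 are an em dash (U+2014) where mailbox.log prints a plain hyphen.
BROKEN_REGEX = "\\[ip=;\\] account \u2014 authentication failed for .* \\(no such account\\)$"
# Assumed corrected form for filter.d/zimbra.conf (not quoted on the page).
FIXED_REGEX = r"\[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$"

def compile_failregex(pattern: str) -> re.Pattern:
    """Compile a failregex the way fail2ban's filter loader does."""
    if HOST_TAG not in pattern:
        raise ValueError(f"No 'host' group in '{pattern}'")
    return re.compile(pattern.replace(HOST_TAG, HOST_GROUP))

def failregex_error(pattern: str):
    """Return the loader's error message for a bad failregex, or None if it compiles."""
    try:
        compile_failregex(pattern)
    except ValueError as exc:
        return str(exc)
    return None

def count_failures(pattern: str, lines):
    """Count matching log lines per host; fail2ban bans a host once this reaches maxretry."""
    rx = compile_failregex(pattern)
    counts = {}
    for line in lines:
        m = rx.search(line)  # fail2ban searches each line; it does not anchor at the start
        if m:
            counts[m.group("host")] = counts.get(m.group("host"), 0) + 1
    return counts

# Constructed sample lines in the style of /opt/zimbra/log/mailbox.log (not real traffic).
SAMPLE_LOG = [
    "2016-10-21 09:12:44,101 WARN  [ImapSSLServer-12] [ip=203.0.113.7;] account - "
    "authentication failed for nobody@example.com (no such account)",
    "2016-10-21 09:12:45,220 INFO  [ImapSSLServer-13] [ip=198.51.100.5;] imap - "
    "authenticated as alice@example.com",
    "2016-10-21 09:12:46,300 WARN  [ImapSSLServer-12] [ip=203.0.113.7;] account - "
    "authentication failed for admin@example.com (no such account)",
]

if __name__ == "__main__":
    print(failregex_error(BROKEN_REGEX))  # the error seen on fail2ban-client reload
    print(count_failures(FIXED_REGEX, SAMPLE_LOG))
```

On a live system the same check is `fail2ban-regex /opt/zimbra/log/mailbox.log /etc/fail2ban/filter.d/zimbra.conf`, which reports how many lines each failregex matched and which hosts it extracted.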
Xardas999
Posts: 8
Joined: Thu Oct 20, 2016 9:51 pm

Re: How to protect Zimbra against postfix AUTH DoS attacks

Post by Xardas999 »

Oh, that's amazing, that helps a lot!

REMARK for people who are using firewalld instead of iptables:
you should change "iptables-allports" to "firewallcmd-allports" and
"iptables-multiport" to "firewallcmd-multiport" in the jail.local config file
L. Mark Stone
Ambassador
Posts: 2802
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.7 Network Edition

Re: How to protect Zimbra against postfix AUTH DoS attacks

Post by L. Mark Stone »

Xardas999 wrote:
    Oh, that's amazing, that helps a lot!

    REMARK for people who are using firewalld instead of iptables:
    you should change "iptables-allports" to "firewallcmd-allports" and
    "iptables-multiport" to "firewallcmd-multiport" in the jail.local config file
Glad we could help, and thanks for documenting the syntax change required when using firewalld instead of iptables!

With best regards,
Mark