Invalid login attempts lockout user access

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
dipeshmehta
Advanced member
Advanced member
Posts: 169
Joined: Sat Sep 13, 2014 1:18 am

Invalid login attempts lockout user access

Post by dipeshmehta »

Hello,

I have been experiencing invalid login attempts to user accounts on my server. Continuous such attempts lockouts the user account. I found following in audit.log:

Code: Select all

2018-02-27 09:55:18,067 WARN  [ImapSSLServer-878] [ip=xxx.yyy.zzz.aaa;] security - cmd=Auth; account=user@domain.com; protocol=imap; error=authentication failed for [user@domain.com], invalid password;
I tried to disable IMAP & POP3 access to users those who do not need it (mostly sits in office only and access through ZD). Kindly guide, what further action should I need.

~Dipesh
(Release 8.0.9.GA.6191.UBUNTU14.64 UBUNTU14_64 NETWORK edition)
Top
User avatar
tonster
Zimbra Employee
Zimbra Employee
Posts: 313
Joined: Fri Feb 21, 2014 10:14 am
Location: Ypsilanti, MI
ZCS/ZD Version: Release 8.7.0_GA_1659.RHEL6_64_2016

Re: Invalid login attempts lockout user access

Post by tonster »

I'd suggest you start banning ips that are doing it. You could use something like fail2ban. There's various posts in the forum that discuss this.

Sent from my SM-G950U using Tapatalk
Top
Post Reply

Return to “Administrators”