1 Topic by ulferik

  • ulferik
  • Member
  • Offline
  • Registered: 2018-01-09
  • Posts: 14

Topic: Ip:s probing the server

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====Hi!
I have been using an IredMail server for some time. The server and everything is working well. I am a little proud that I have managed to install and configure this server. What I am anxious about is that I haven't secured everything as it should be.

I see in the logfile that I receive everyday, there is people trying to get in to my server. Most of them come from HongKong or China some from USA.

Is there a way to blacklist eg. 180.97.?.? which is  using different ip everyday?

Regards
Ulferik

Post's attachments

probe.txt 1.5 kb, 4 downloads since 2018-04-13 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Ip:s probing the server

You can setup new Fail2ban jail with proper filter rules to block them. smile
Check /etc/fail2ban/jail.d/, iRedMail already has some jails enabled for you to harden the mail server. You need to add new jail (and probably add new filter rule under /etc/fail2ban/filter.d/) to block these bad guys.