1

Topic: Adjust tolerance to wrong password lockout

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Deployed with iRedMail Easy or the downloadable installer? NO
- Linux/BSD distribution name and version: Ubuntu 18.0.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? YES
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

Can someone please advise how to increase the tolerance to a wrong password? Currently (with default settings) it seems that when someone gets their password wrong maybe twice, it will lock out the whole IP address for an hour, which affects many other users on the network. Where are the settings to increase to, say, 10 incorrect passwords and only lock out for, say, 10 mins? I checked all the docs but couldn't find anything about this.

Thanks,
Stephen


2 (edited by morethanlazy 2019-01-30 08:49:01)

Re: Adjust tolerance to wrong password lockout

Hey Stephen, you can change your fail2ban settings.

sudo nano /etc/fail2ban/jail.local
and change maxretry to whatever you want.

Mine is like this :
                   
[DEFAULT]
# time is in seconds. 3600 = 1 hour, 86400 = 24 hours (1 day)
findtime    = 86400
bantime     = 31556926
maxretry    = 2
ignoreip    = 127.0.0.1 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16


It means if within 1 day 2 passwords fail, ban for 1 year; that's what was recommended for me against brute force attacks.
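
Added example (not part of the original posts and not fail2ban's own code): a simplified Python model of how findtime, maxretry and bantime interact, run over constructed failed-login events from one shared NAT address. It compares the [DEFAULT] values posted above with the 10 tries / 10 minutes asked for in the question; findtime = 600 and the sample IP addresses are assumptions.

```python
# Simplified model of fail2ban's findtime / maxretry / bantime counting.
# Not fail2ban's code; all event data below is constructed.
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

def simulate(events, findtime, maxretry, bantime, ignoreip=()):
    """events: (unix_seconds, ip) failed logins, sorted by time.
    Returns a list of (ip, ban_start, ban_end)."""
    ignored = [ip_network(n) for n in ignoreip]
    recent = defaultdict(deque)   # ip -> failure times inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for ts, ip in events:
        if any(ip_address(ip) in net for net in ignored):
            continue              # ignoreip: never counted, never banned
        if ts < banned_until.get(ip, 0):
            continue              # already blocked at the firewall
        window = recent[ip]
        window.append(ts)
        while window and window[0] <= ts - findtime:
            window.popleft()      # failure is older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()        # counter starts over after a ban
    return bans

# Constructed sample: one office NAT address (documentation range) where two
# different users each mistype once, three hours apart, plus an internal
# host that falls inside the posted ignoreip ranges.
NAT = "203.0.113.10"
EVENTS = [(0, NAT), (60, "10.1.2.3"), (120, "10.1.2.3"), (10800, NAT)]

# Values from the jail.local posted in the thread.
POSTED = dict(findtime=86400, bantime=31556926, maxretry=2,
              ignoreip=("127.0.0.0/8", "10.0.0.0/8",
                        "172.16.0.0/12", "192.168.0.0/16"))
# Values from the question (10 tries, 10 minutes); findtime is an assumption.
RELAXED = dict(POSTED, findtime=600, bantime=600, maxretry=10)

def burst(ip, n, step=5, start=0):
    """n failures from one address, `step` seconds apart (constructed)."""
    return [(start + i * step, ip) for i in range(n)]

if __name__ == "__main__":
    print("posted :", simulate(EVENTS, **POSTED))
    print("relaxed:", simulate(EVENTS, **RELAXED))
    print("burst  :", simulate(burst("198.51.100.7", 25), **RELAXED))
```

In this model the posted values ban the shared address for a year after two unrelated typos, while the relaxed values leave it alone and still ban a 25-attempt burst at the tenth failure.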

3

Re: Adjust tolerance to wrong password lockout

Thank you - that was very helpful and now have it working much better.