1

Topic: dovecot.iredmail.conf 增加 fail2ban filter 內容

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi 版主:
1). 在  /etc/dovecot/dovecot.conf
啟用:
auth_verbose = yes
auth_verbose_passwords = yes

2). /etc/fail2ban/filter.d/dovecot.iredmail.conf
#新增:
          \(\S*,<HOST>(\)|\S*\)): (unknown user|unknown user \(given password:.*\)|Username character disallowed|Request timed out waiting for client to continue authentication)

3). 設定 log 檔的權限 0640
# ll /var/log/dovecot/*.log
-rw-r-----  1 vmail vmail 67832193  7月 19 14:08 /var/log/dovecot/dovecot.log
-rw-r-----  1 root  root  20443646  7月 22 16:56 /var/log/dovecot/imap.log
-rw-r-----  1 root  root   2118425  7月 22 16:50 /var/log/dovecot/lda.log
-rw-r-----  1 root  root  17671683  7月 22 17:09 /var/log/dovecot/pop3.log
-rw-r-----. 1 root  root       529  3月  7 14:06 /var/log/dovecot/sieve.log

可對以下的log ;spammer 攻擊做有效的防護
#dovecot: auth: ldap(andrew,37.49.224.79,<HHnFgF6MnvQlMeBP>): unknown user (given password: andrew)
#dovecot: auth: plain(?,95.211.214.230,<mvE9QzCLDc1f09bm>): Username character disallowed by auth_username_chars: 0xe9 (username: c?line)
#dovecot: auth: login(?,192.129.186.58): Request timed out waiting for client to continue authentication (150 secs)

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: dovecot.iredmail.conf 增加 fail2ban filter 內容

这两个参数默认都是不开启的,因此也就没有相应的 fail2ban filter。暂时没有计划加入这个新规则。
感谢反馈和分享的 filter rule。:)