1

Topic: Fail2ban shared database possible?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0
- Deployed with iRedMail Easy or the downloadable installer? download
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,

I have a customer with 2 mail servers that share the same databases. I recently upgraded to 1.4, and as part of that I implemented the fail2ban db. I am wondering if there is a sane way to have both mail servers use the same db so that the banned IP addresses are always the same on both servers?

I have been trying to get this to work, but so far I have not been successful. One of the problems is that when you start and stop the fail2ban service, unless both machines already have the same IP addresses in them, the other machine and the db are out of sync. I am sure there are others.

As a workaround, I have created a 2nd table in the fail2ban db for the 2nd machine to store banned addresses, but that means I have to manage that machine from the command line.

Failing that, is there a way to have iRedAdmin Pro be able to list the banned addresses for more than 1 server/db?

Regards,

Tom


2

Re: Fail2ban shared database possible?

I tried 2 ways to solve this in a cluster setup:

- Run a simple HTTP API server on all cluster nodes, configure fail2ban to call an API endpoint to ban/unban/cleanup IP address.
- Write a shell script to read banned IPs from SQL db, then ban new/missed ones and unban missing ones.

Either one was working for me, maybe not elegant, but it works.
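
The second approach above (read the shared list, ban what is missing, unban what has gone), written out as an added example that is not part of the original posts or iRedMail's own code. It handles IPv4 only; the jail name, the one-IP-per-line export of the shared table and the optional allowlist file are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Reconciles one node's fail2ban jail
# with a shared ban list. IPv4 only; jail name and input files are assumptions.
LC_ALL=C; export LC_ALL   # sort and comm must agree on ordering

# Filter stdin down to well-formed IPv4 addresses, sorted and de-duplicated.
# The shared table is written by other nodes, so its rows are untrusted input.
valid_ips() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' | sort -u
}

# plan SHARED LOCAL [ALLOW]: print "ban IP" for addresses missing on this node
# and "unban IP" for local bans no longer wanted. ALLOW entries are never banned.
plan() {
    tmp=$(mktemp -d) || return 1
    valid_ips < "$1" > "$tmp/shared"
    valid_ips < "$2" > "$tmp/local"
    valid_ips < "${3:-/dev/null}" > "$tmp/allow"
    comm -23 "$tmp/shared" "$tmp/allow" > "$tmp/want"
    comm -23 "$tmp/want" "$tmp/local" | sed 's/^/ban /'
    comm -13 "$tmp/want" "$tmp/local" | sed 's/^/unban /'
    rm -rf "$tmp"
}

# Read plan lines from stdin and apply them to jail $1.
apply_plan() {
    while read -r verb ip; do
        case $verb in
            ban)   fail2ban-client set "$1" banip "$ip" ;;
            unban) fail2ban-client set "$1" unbanip "$ip" ;;
        esac
    done
}

# Usage: script --apply JAIL SHARED_FILE [ALLOW_FILE]
# SHARED_FILE holds one IP per line, exported from the shared SQL table.
if [ "${1:-}" = "--apply" ]; then
    local_list=$(mktemp) || exit 1
    fail2ban-client status "$2" |
        sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr ' ' '\n' > "$local_list"
    plan "$3" "$local_list" "${4:-/dev/null}" | apply_plan "$2"
    rm -f "$local_list"
fi
```

An address banned locally but not yet written to the shared table is unbanned by the next run, so each node's ban action has to record to the table before this script runs.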

3

Re: Fail2ban shared database possible?

ZhangHuangbin wrote:

I tried 2 ways to solve this in a cluster setup:

- Run a simple HTTP API server on all cluster nodes, configure fail2ban to call an API endpoint to ban/unban/cleanup IP address.
- Write a shell script to read banned IPs from SQL db, then ban new/missed ones and unban missing ones.

Either one was working for me, maybe not elegant, but it works.

The first one works for me as well - I use the Proxmox firewall API and a custom fail2ban action to report to this API, updating the shared ipset.
It has been working fine for months now, dramatically reducing connections and server load. I can recommend this.