1

Topic: Backup MX and fail2ban spam issue

============ Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.3
- Linux/BSD distribution name and version: Debian 8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

Hi -

I have 2 iRedMail servers, one is the primary domain a.com, and the 2nd is configured as a backup MX for domain a.com. What I'm seeing is that the spammers are trying to relay directly off the backup MX, causing fail2ban on the primary MX to block the backup MX.

Here's an output example from the backup MX mailq:

759E01C0D4    20880 Tue Feb 16 13:41:06  Ybarra_Annette@lettrepromotionnelle.com
         (connect to a.com[45.1.2.3]:25: Connection refused)
                                         dude@a.com

Here's an output example from the primary MX iptables:

Chain fail2ban-postfix (1 references)
target     prot opt source               destination
REJECT     all  --  backupmx.com       anywhere             reject-with icmp-port-unreachable

I tried white listing the backup MX with the check_client_access parameter in postfix, but that didn't seem to work.

Is there a way to harden the backup MX so it rejects the spam like it does on the primary, or to always allow the backup MX to connect to the primary without fail2ban locking?

Thanks!


2

Re: Backup MX and fail2ban spam issue

*) Is the second server a pure iRedMail server?
*) How did you set up backup MX?

lkgboater71 wrote:

I tried white listing the backup MX with the check_client_access parameter in postfix, but that didn't seem to work.

You may want to whitelist it in Fail2ban instead of Postfix. Check /etc/fail2ban/jail.local, setting "ignoreip =".
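
A way to confirm that the backup MX address is really covered by the "ignoreip =" setting mentioned above, as an added example that is not part of the original thread. The sample jail.local, the jail names and the address 192.0.2.10 are constructed placeholders; hostname entries are skipped because matching them requires a DNS lookup.

```python
import configparser
import ipaddress

# Constructed sample jail.local. 192.0.2.10 is a placeholder for the backup
# MX address; the jail names are assumptions, use the ones on your server.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 192.0.2.10

[postfix]
enabled = true

[dovecot]
enabled = true
ignoreip = 127.0.0.1/8
"""


def effective_ignoreip(jail_local_text, jail):
    """Return the ignoreip entries that apply to one jail.

    A jail's own ignoreip replaces the [DEFAULT] value, it does not add to it.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(jail_local_text)
    if not cp.has_section(jail):
        raise KeyError("no such jail: " + jail)
    raw = cp.get(jail, "ignoreip", fallback="")
    return raw.replace(",", " ").split()


def is_ignored(jail_local_text, jail, ip):
    """True if ip matches an IP or CIDR entry in the jail's ignoreip."""
    addr = ipaddress.ip_address(ip)
    for entry in effective_ignoreip(jail_local_text, jail):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # hostname entry: needs DNS, skipped by this offline check
        if addr in net:
            return True
    return False


if __name__ == "__main__":
    for jail in ("postfix", "dovecot"):
        print(jail, is_ignored(SAMPLE_JAIL_LOCAL, jail, "192.0.2.10"))
```

In the sample, the dovecot jail sets its own ignoreip, so the backup MX address listed under [DEFAULT] no longer applies to that jail.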

3

Re: Backup MX and fail2ban spam issue

ZhangHuangbin wrote:

*) Is the second server a pure iRedMail server?
*) How did you set up backup MX?

lkgboater71 wrote:

I tried white listing the backup MX with the check_client_access parameter in postfix, but that didn't seem to work.

You may want to whitelist it in Fail2ban instead of Postfix. Check /etc/fail2ban/jail.local, setting "ignoreip =".

Hi -

Yes, they're both pure iRedMail servers.

I did the following to set up the backup MX:

On the backup MX server, added the domain using iRedAdmin. (It's actually the second domain.)
Updated the domain entry in the MySQL table to be backupmx=1 and transport = relay.
I didn't create any users on the backup MX.
Am I missing any steps?

I'll try the ignoreip in the fail2ban config.
Thanks!

4

Re: Backup MX and fail2ban spam issue

lkgboater71 wrote:

Updated the domain entry in the MySQL table to be backupmx=1 and transport = relay.
I didn't create any users on the backup MX.

Wrong.

You should set backupmx=1, and transport="relay:[IP_of_primary_mx]". No need to create any user on backup mx.