Topic: Add SASL failures to fail2ban
May I suggest adding the following to fail2ban (/etc/fail2ban/jail.local) to ban brute force attempts to SASL accounts?
[sasl]
enabled = true
maxretry = 3
action = iptables-multiport[name=sasl, port="smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s", protocol=tcp]
         sendmail-whois[name=sasl, dest=root, sender=fail2ban@foo.bar]
filter = postfix-sasl
logpath = /var/log/mail.warn
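An added example, not part of the original post and not fail2ban's own code: a small simulation of how the [sasl] jail above would decide which hosts to ban from /var/log/mail.warn, useful for sanity-checking maxretry before enabling the jail. The regex is a simplified stand-in for the postfix-sasl filter, the 10-minute findtime is an assumption (the post does not set one), and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for a postfix-sasl failregex
# (assumption: not the filter file that ships with fail2ban).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\w+\[\d+\]: warning: "
    r"\S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)
MAXRETRY = 3                      # from the [sasl] jail in the post
FINDTIME = timedelta(minutes=10)  # assumption: the post does not set findtime

# Constructed sample of /var/log/mail.warn (documentation-range addresses).
SAMPLE_LOG = """\
Jan 10 12:00:01 mx postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 10 12:00:04 mx postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Jan 10 12:00:05 mx postfix/smtpd[2102]: warning: hostname bad.example does not resolve to address 198.51.100.7
Jan 10 12:00:09 mx postfix/smtpd[2103]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 10 12:01:00 mx postfix/smtpd[2104]: warning: unknown[192.0.2.44]: SASL LOGIN authentication failed: authentication failure
Jan 10 12:08:00 mx postfix/smtpd[2105]: warning: unknown[192.0.2.44]: SASL LOGIN authentication failed: authentication failure
Jan 10 12:15:00 mx postfix/smtpd[2106]: warning: unknown[192.0.2.44]: SASL LOGIN authentication failed: authentication failure
"""

def banned_hosts(log_text, maxretry=MAXRETRY, findtime=FINDTIME, year=2024):
    """Return {ip: time of the failure that reached maxretry}, in ban order."""
    recent = defaultdict(deque)   # per-IP failure times inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["ip"] in bans:
            continue              # not a SASL failure, or host already banned
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # failures older than findtime stop counting
        if len(window) >= maxretry:
            bans[m["ip"]] = ts
    return bans

if __name__ == "__main__":
    for ip, ts in banned_hosts(SAMPLE_LOG).items():
        print(f"ban {ip} at {ts:%b %d %H:%M:%S}")
```

In the sample, 192.0.2.44 fails three times but is not banned, because its failures are spread over more than the assumed findtime; a slow guesser like this is what a longer findtime or a lower maxretry would catch.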