It occurred to me that the 0.9.8 distribution doesn't include a fail2ban jail for hacking attempts at the iredmail admin/management page. If anyone wants to add this you can set up a jail to monitor /var/log/uwsgi/app/iredadmin.log (Debian version) and use the filter:

failregex = ^.+ \[.*\] <HOST> \(.*\) \{.*\} \[.*\] GET \/iredadmin\/login\?msg=INVALID_CREDENTIALS.*$

This will ban after x bad password attempts at the web admin page. This might be good to add to the next release (unless it is already in there? I didn't see it.)

Thanks for a great product!