1 Topic by freeda.suing

  • freeda.suing
  • Member
  • Offline
  • Registered: 2014-10-13
  • Posts: 56

Topic: iRedmail and fail2ban

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Linux/BSD distribution name and version: Ubuntu 12.04.3 LTS 64-bit
- Related log if you're reporting an issue:
====

fail2ban drops our public IP. How to whitelist a specific IP address so it wont block it in iptables? I already added the ip /32 in jail.conf but still our public ip was blocked.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: iRedmail and fail2ban

Two ways:

1) Fail2ban invokes iptables to block client IP address if there're too many password failures in period. So you have to avoid many password failures in a short period.
2) If your public IP is a static IP address, whitelist it in Fail2ban config file /etc/fail2ban/jail.local.

3 Reply by freeda.suing

  • freeda.suing
  • Member
  • Offline
  • Registered: 2014-10-13
  • Posts: 56

Re: iRedmail and fail2ban

Hi Zhang,

Glad to hear from you. I see I added our public static IP in jail.conf ignoreip. So I have to do the same with jail.local ignoreip if thats the case then.

Will do. Thanks!

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: iRedmail and fail2ban

jail.conf may be override during package update, you'd better add it in jail.local.

5 Reply by freeda.suing

  • freeda.suing
  • Member
  • Offline
  • Registered: 2014-10-13
  • Posts: 56

Re: iRedmail and fail2ban

Thanks Zhang. iRedmail is now in production and I'm gonna observe how it goes. Hope it does not block it again.

ZhangHuangbin wrote:

jail.conf may be override during package update, you'd better add it in jail.local.

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: iRedmail and fail2ban

Would you mind sharing your iRedMail story? smile

7 Reply by freeda.suing

  • freeda.suing
  • Member
  • Offline
  • Registered: 2014-10-13
  • Posts: 56

Re: iRedmail and fail2ban

Most definitely! Highlighting on how wonderful their support is.

ZhangHuangbin wrote:

Would you mind sharing your iRedMail story? smile

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: iRedmail and fail2ban

freeda.suing wrote:

Most definitely! Highlighting on how wonderful their support is.

Could you help create a new forum post with this post template?
http://www.iredmail.org/forum/topic25-s … story.html

9 Reply by freeda.suing

  • freeda.suing
  • Member
  • Offline
  • Registered: 2014-10-13
  • Posts: 56

Re: iRedmail and fail2ban

Hi Zhang,

you may now close this case. It's been 3 days and our static ip address is not anymore blocked by fail2ban. Thanks!

PS I've also created a post in success stories smile Thanks!

ZhangHuangbin wrote:
freeda.suing wrote:

Most definitely! Highlighting on how wonderful their support is.

Could you help create a new forum post with this post template?
http://www.iredmail.org/forum/topic25-s … story.html