Whitelist IP on Fail2ban

Your IP got banned by fail2ban even though it is a trusted IP, so what do you do? Just put your IP on the whitelist:

  • open the file jail.conf (/etc/fail2ban/jail.conf)
  • look for the line ignoreip, then add your IP to the whitelist; if you have more than one IP, separate them with a space.
  • restart fail2ban (service fail2ban restart)

Zimbra Spam Filtering Using Fail2ban

Before you read my post, I want to apologize for my bad English because I am still learning to write in English. Thank you.

Spam on an e-mail server is a headache: even with a mail transfer agent (MTA) in place, spam can still keep arriving in bulk. There are many alternatives for spam filtering, and one that is known to be tough is fail2ban. Actually, fail2ban can be used not only for spam filtering but also to improve the protection of a server in general (e.g. SSH), CMIIW.

This post explains how to configure fail2ban to prevent spam on a Zimbra mail server (as the title says). Straight to the steps:

  1. Install the fail2ban package that suits your Linux distro. Since I use CentOS, the commands are:

    rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

    and once that succeeds, proceed with:

    yum install fail2ban

  2. Next, create a file zimbra.conf in /etc/fail2ban/filter.d/ containing the regular expressions for the Zimbra log lines that will trigger an IP ban when they occur several times within a certain time interval. Fill zimbra.conf with this script:
    # Fail2Ban configuration file
    #
    # Author: 
    #
    # $Revision: 1 $
    #
    
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the password failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
    # Values:  TEXT
    #
    failregex = \[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$
                            \[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$
                            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$
                            \[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$
                            WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$
                            NOQUEUE: reject: RCPT from .*\[<HOST>\]: 550 5.1.1 .*: Recipient address rejected:
    
    # .*\[ip=<HOST>;\] .* - authentication failed for .* \(invalid password\)
    # 
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
  3. After that, make a backup of the file jail.conf:
    cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak
  4. Open the file jail.conf and replace its contents with the following script:
    # Fail2Ban configuration file
    #
    # Author: Cyril Jaquier
    #
    # $Revision: 747 $
    # The DEFAULT allows a global definition of the options. They can be overridden
    # in each jail afterwards.
    [DEFAULT]
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
    # ban a host which matches an address in this list. Several addresses can be
    # defined using space separator.
    ignoreip = 127.0.0.1/8 202.43.115.188/32
    # "bantime" is the number of seconds that a host is banned.
    bantime = 600
    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    findtime = 600
    
    # "maxretry" is the number of failures before a host get banned.
    maxretry = 3
    
    # "backend" specifies the backend used to get files modification. Available
    # options are "gamin", "polling" and "auto". This option can be overridden in
    # each jail too (use "gamin" for a jail and "polling" for another).
    #
    # gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
    # is not installed, Fail2ban will use polling.
    # polling: uses a polling algorithm which does not require external libraries.
    # auto: will choose Gamin if available and polling otherwise.
    backend = auto
    
    # This jail corresponds to the standard configuration in Fail2ban 0.6.
    # The mail-whois action send a notification e-mail with a whois request
    # in the body.
    
    [ssh-iptables]
    
    enabled = false
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
             sendmail-whois[name=SSH, dest=zeze@vavai.com, sender=fail2ban@excellent.co.id]
    logpath = /var/log/messages
    maxretry = 5
    
    # This jail forces the backend to "polling".
    
    [sasl-iptables]
    
    enabled = false
    filter = sasl
    backend = polling
    action = iptables[name=sasl, port=smtp, protocol=tcp]
             sendmail-whois[name=sasl, dest=support@excellent.co.id]
    logpath = /var/log/zimbra.log
    
    # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
    # used to avoid banning the user "myuser".
    
    [ssh-tcpwrapper]
    
    enabled = false
    filter = sshd
    action = hostsdeny
             sendmail-whois[name=SSH, dest=support@excellent.co.id]
    ignoreregex = for myuser from
    logpath = /var/log/messages
    
    # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
    # option is overridden in this jail. Moreover, the action "mail-whois" defines
    # the variable "name" which contains a comma using "". The characters '' are
    # valid too.
    
    [zimbra-account]
    enabled = true
    filter = zimbra
    action = iptables-allports[name=zimbra-account]
             sendmail[name=zimbra-account, dest=contoh@contoh.co.id]
    logpath = /opt/zimbra/log/mailbox.log
    bantime = 600
    maxretry = 5
    
    [zimbra-audit]
    enabled = true
    filter = zimbra
    action = iptables-allports[name=zimbra-audit]
             sendmail[name=Zimbra-audit, dest=contoh@contoh.co.id]
    logpath = /opt/zimbra/log/audit.log
    bantime = 600
    maxretry = 5
    
    [zimbra-recipient]
    enabled = true
    filter = zimbra
    action = iptables-allports[name=zimbra-recipient]
             sendmail[name=Zimbra-recipient, dest=contoh@contoh.co.id]
    logpath = /var/log/zimbra.log
    #findtime = 604800
    bantime = 172800
    maxretry = 5
    
    [postfix]
    enabled = true
    filter = postfix
    action = iptables-multiport[name=postfix, port=smtp, protocol=tcp]
             sendmail-buffered[name=Postfix, dest=contoh@contoh.co.id]
    logpath = /var/log/zimbra.log
    bantime = -1
    maxretry = 5
    
    #[sasl]
    #enabled = true
    #port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
    #filter = sasl
    # You might consider monitoring /var/log/warn.log instead
    # if you are running postfix. See http://bugs.debian.org/507990
    #logpath = /var/log/zimbra.log

    A short explanation of the parameters in the script above:
    – ignoreip = defines the IP / IP range (usually local) that does not need to be checked.
    – bantime = how long an IP will be banned; the unit is seconds.
    – findtime = the time window, in seconds, within which maxretry failures must occur for an IP to be banned.
    – maxretry = the maximum number of failed attempts an IP may make against the server before it is banned.
    – sendmail = the address to which the filtering report is e-mailed (I do not use this feature, so I put a "#" (without the quotes) in front of it)

  5. Restart fail2ban:
    service fail2ban restart
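Before restarting, it helps to see what the filter and jail above actually decide. The following is an added example (not from the original post and not fail2ban's own code) that applies the six failregex lines from step 2 and the ignoreip list from step 4 to constructed Zimbra/Postfix log lines and replays them with the maxretry/findtime logic; it also shows why the whitelist from the first post above prevents a ban. The log lines, IP addresses and timestamps are constructed, and fail2ban's date parsing is replaced by plain second offsets.

```python
import ipaddress, re
from collections import defaultdict, deque

# <HOST> expands to this named group (quoted in the filter's header comment); the failregex lines are verbatim from step 2
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"
FAILREGEX = [
    r"\[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$",
    r"\[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$",
    r"\[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$",
    r"WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$",
    r"NOQUEUE: reject: RCPT from .*\[<HOST>\]: 550 5.1.1 .*: Recipient address rejected:",
]
COMPILED = [re.compile(rx.replace("<HOST>", HOST_RE)) for rx in FAILREGEX]
# ignoreip from the [DEFAULT] section in step 4 (strict=False because 127.0.0.1/8 has host bits set)
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in "127.0.0.1/8 202.43.115.188/32".split()]
def match_failure(line):
    """Host captured by the first failregex that matches the line, or None if it is not a failure."""
    return next((m.group("host") for m in (rx.search(line) for rx in COMPILED) if m), None)

def is_ignored(host):
    """True when host lies inside an ignoreip network (a bare hostname is never whitelisted here)."""
    try:
        return any(ipaddress.ip_address(host) in net for net in IGNOREIP)
    except ValueError:
        return False

def simulate(events, maxretry=5, findtime=600):
    """Replay (seconds, logline) events in time order; return {host: ban_time} as the jail would."""
    recent, banned = defaultdict(deque), {}
    for t, line in events:
        host = match_failure(line)
        if host is None or host in banned or is_ignored(host):
            continue
        q = recent[host]
        q.append(t)
        while t - q[0] > findtime:  # forget failures that fell out of the findtime window
            q.popleft()
        if len(q) >= maxretry:
            banned[host] = t
    return banned

# Constructed sample log lines (not from a real server); {ip} is filled in per scenario below
NOACCT = "INFO [ImapServer-3] [ip={ip};] account - authentication failed for bob (no such account)"
BADPW = "INFO [qtp-12] [ip={ip};] security - cmd=Auth; account=bob@example.com; error=authentication failed for bob@example.com, invalid password;"
REJECT = "postfix/smtpd[4242]: NOQUEUE: reject: RCPT from unknown[{ip}]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown"
EVENTS = sorted([(t, NOACCT.format(ip="203.0.113.7")) for t in (0, 10, 20, 30, 40)]      # 5 failures in 40 s: banned
                + [(t, BADPW.format(ip="202.43.115.188")) for t in range(0, 60, 10)]    # in ignoreip: never banned
                + [(t, NOACCT.format(ip="198.51.100.5")) for t in range(0, 3000, 700)]  # 700 s apart: outside findtime
                + [(5, REJECT.format(ip="203.0.113.9"))])                                # one reject: below maxretry
```

Running simulate(EVENTS) with the jail's maxretry=5 and findtime=600 bans only 203.0.113.7; lowering findtime or maxretry changes which slow or whitelisted hosts get caught, which is the knob the explanation above describes.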

Sources:

1. https://www.excellent.co.id/product-services/zimbra/implementasi-fail2ban-untuk-meningkatkan-performa-keamanan-zimbra-mail-server-2/
2. http://www.catatanlepas.com/komputer/security/478-instalasi-fail2ban-di-centos-6-3


[SOLVED] Log Zimbra: “Zimbra Connection Timeout” Can’t Send e-mail

The day before yesterday, my partner and I were confused by the problem "why can the corporate e-mail server not send e-mail to external domains (e.g. Gmail, Yahoo)?", while it could still receive mail (so the trouble was in outgoing mail). Various assumptions came up: a spam block? No. Probably a Postfix configuration problem? No. Finally, after looking at the mail logs many times to find where the problem was, I found the message "connection timed out" when the server tried to reach the destination domain. Google was the next target; browsing everywhere gave me a headache, and the suggestions on the forums said that if there is such a problem it is most likely due to a firewall or to rDNS (reverse DNS). Browsing deeper once more, I finally found a strong indication that the most likely cause of the e-mail not being sent (deferred in the mail queue) was that port 25 was blocked. So I made sure to check the firewall; it was not the firewall, and finally I decided to contact the ISP (Internet Service Provider), where the case was revealed: they said port 25 was blocked by the ISP (damn! :LOL:). I requested that they unblock it, and finally e-mail was sent smoothly. That is an experience I can share; I hope it is useful.


Krita on Kubuntu

Krita is an open source image processing program designed with a menu and tool layout similar to photo**o*. Krita can also be an alternative for those who find GIMP too confusing for image processing; in addition, Krita can be used by illustrators and cartoonists. Here is how to install Krita on Kubuntu (it also works for Ubuntu):

  • Add ppa for krita : sudo add-apt-repository ppa:kubuntu-ppa/backports
  • update your sources.list : sudo apt-get update
  • install krita with : sudo apt-get install krita

Krita has also released versions for the Windows operating system and Mac OS X. Good luck.

Source:

https://krita.org/download/krita-desktop/

https://krita.org/about/history/
