1 Topic by posa68 (edited by posa68 2012-05-29 18:00:22)

  • posa68
  • Member
  • Offline
  • Registered: 2011-06-30
  • Posts: 111

Topic: Fail2Ban lock some IP's

==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL): IredMail 0.8.0, IredAdmin Pro 1.4.0
- Linux/BSD distribution name and version: centos 5.x
- Any related log? Log is helpful for troubleshooting.
====

Hi,

I have one customer with problems connecting to iredmail from his ADSL line.

I try to exclude this IP from fail2ban (jail.local file) and the problem gone for few days, but now this problem it's happened again.

If I restart fail2ban service the problem seems to be gone away, but again the customer in few days it will be blocked again.

How can i debug this?
Thanks in advance.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Fail2Ban lock some IP's

Fail2ban scans log files and bans IPs which have too many password failure, so, to avoid this issue, please make sure you have correct password configured in your mail clients. Or, disable fail2ban service, but it's not recommended.

3 Reply by posa68 (edited by posa68 2012-05-29 18:37:43)

  • posa68
  • Member
  • Offline
  • Registered: 2011-06-30
  • Posts: 111

Re: Fail2Ban lock some IP's

In this particulary case I have under that public IP, more than 50 client, plus others 40/50 client that check their mailboxes through webmail, so it's difficult to check everyone consistance or avoid human errors.

My iredmail box it will be protected by two separate firewall: one is for IP rules and another one for packet inspection, maybe in this case can I disable the service?

Or if you have some other advice...

Thanks.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Fail2Ban lock some IP's

Then disable Fail2ban service for testing. You can enable it anytime when you think it's better to bring it back.

Disable Fail2ban on RHEL/CentOS/Scientific Linux:

# chkconfig --level 345 fail2ban off
# /etc/init.d/fail2ban stop

5 Reply by posa68

  • posa68
  • Member
  • Offline
  • Registered: 2011-06-30
  • Posts: 111

Re: Fail2Ban lock some IP's

ZhangHuangbin wrote:

Then disable Fail2ban service for testing. You can enable it anytime when you think it's better to bring it back.

Disable Fail2ban on RHEL/CentOS/Scientific Linux:

# chkconfig --level 345 fail2ban off
# /etc/init.d/fail2ban stop

Ok, thanks.

Ps. There is a way to see a log from fail2ban?
I'm looking, but it seems disabled...

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Fail2Ban lock some IP's

On RHEL/CentOS/Scientific Linux, Fail2ban logs to /var/log/messages by default.