1

Topic: fail2ban suggestion

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
======== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====

Hi Zhang,

I use iRM for several months now and it's running very very well. Thank you for your work and effort to help here in the forum to every single user! Many thanks coming to you!

Well, back to the topic - recently I needed to add ignoreips to the fail2ban (large company behind single IP with sclerotic users smile - I added the IP into global [DEFAULT] section but it didn't help.
I found out, the DEFAULT section is used only if you don't specify the parameter (ignoreip in my case) in the specific rule.

As conclusion, I would like to suggest you to delete all the ignoreip lines in the iredmail rules and add the private IP ranges in the DEFAULT section. It seems to me more logical and strightforward to adjust the rules...

Thank you!

2

Re: fail2ban suggestion

Interesting, this one was fixed 3 days ago:
https://bitbucket.org/zhb/iredmail/comm … ail2ban.sh

Again, thanks Daniel Black (daniel.subs@) for asking me to move those parameters (ignoreip, maxretry, bantime) to '[DEFAULT]' section in jail.local.