1

Topic: Adding IPTables, Fail2ban

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Debian 8.2 x64
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:  no log
====

Is it possible to add IPTables and Fail2Ban to an already installed iRedMail server? If yes, how can I do that?

Thanks.


2

Re: Adding IPTables, Fail2ban

*) Install Fail2ban package first.
*) Create or update /etc/fail2ban/jail.local. We have a sample file for you:
https://bitbucket.org/zhb/iredmail/src/ … jail.local

*) Download filters used by iRedMail to /etc/fail2ban/filter.d/:
https://bitbucket.org/zhb/iredmail/src/ … /filter.d/

*) Restart fail2ban service.

That's it. Easy?

3

Re: Adding IPTables, Fail2ban

ZhangHuangbin wrote:

*) Install Fail2ban package first.
*) Create or update /etc/fail2ban/jail.local. We have a sample file for you:
https://bitbucket.org/zhb/iredmail/src/ … jail.local

*) Download filters used by iRedMail to /etc/fail2ban/filter.d/:
https://bitbucket.org/zhb/iredmail/src/ … /filter.d/

*) Restart fail2ban service.

That's it. Easy?

Yeah, easy enough. However, I used the sample files from the bitbucket repository, and when I try to restart Fail2Ban I get this error:

● fail2ban.service - LSB: Start/stop fail2ban
   Loaded: loaded (/etc/init.d/fail2ban)
   Active: active (exited) since Sun 2015-11-22 05:06:50 EST; 5s ago
  Process: 27297 ExecStop=/etc/init.d/fail2ban stop (code=exited, status=0/SUCCESS)
  Process: 27305 ExecStart=/etc/init.d/fail2ban start (code=exited, status=0/SUCCESS)

Nov 22 05:06:50 mail fail2ban[27305]: Starting authentication failure monitor: fail2banERROR  No file(s) found for glob PH_SSHD_LOGFILE
Nov 22 05:06:50 mail fail2ban[27305]: ERROR  Failed during configuration: Have not found any log file for sshd jail
Nov 22 05:06:50 mail fail2ban[27305]: failed!

Do I need to manually edit the logfiles entry in the jail.local file?

4

Re: Adding IPTables, Fail2ban

attoy wrote:

Nov 22 05:06:50 mail fail2ban[27305]: ERROR  Failed during configuration: Have not found any log file for sshd jail

Please update jail.local to use the correct log file of the ssh service.

5

Re: Adding IPTables, Fail2ban

ZhangHuangbin wrote:
attoy wrote:

Nov 22 05:06:50 mail fail2ban[27305]: ERROR  Failed during configuration: Have not found any log file for sshd jail

Please update jail.local to use the correct log file of the ssh service.

Ok, in the jail.local template the log entries look like this:

logpath     = PH_SSHD_LOGFILE

should I change it to something like

logpath    = /var/log/auth.log

?

6

Re: Adding IPTables, Fail2ban

attoy wrote:

Ok, in the jail.local template the log entries look like this:

logpath     = PH_SSHD_LOGFILE

should I change it to something like

logpath    = /var/log/auth.log

?

Sure. You should replace all strings which start with 'PH_' with the real values on your server.

7

Re: Adding IPTables, Fail2ban

I have an issue finding the Roundcube log (logpath     = PH_RCM_LOGFILE) and the Postfix one. Is it the mail.log?

For the Dovecot log, I pointed it to dovecot.log. Is that OK, or should I point it to dovecot-lmtp.log?

Thanks again

8

Re: Adding IPTables, Fail2ban

*) Roundcube, Amavisd, Postfix log to /var/log/mail.log.
*) Dovecot logs to /var/log/dovecot.log. Sieve logs to dovecot-sieve.log, lmtp logs to dovecot-lmtp.log. In Fail2ban, just use dovecot.log.
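
Added example, not part of the original thread or iRedMail's own code: a pre-restart check that reports every leftover PH_ token and every logpath with no matching file in the enabled jails of a jail.local, which is the condition behind the "No file(s) found for glob PH_SSHD_LOGFILE" error above. The jail names, the sample file and the function names are constructed for illustration; the log paths are the ones given in this thread.

```python
import configparser
import glob
import re

PLACEHOLDER = re.compile(r"\bPH_[A-Z0-9_]+\b")  # template tokens such as PH_SSHD_LOGFILE

# Constructed sample: jail names and layout are illustrative, not the iRedMail template.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
enabled = false

[sshd]
enabled = true
logpath = PH_SSHD_LOGFILE

[roundcube]
enabled = true
logpath = PH_RCM_LOGFILE

[dovecot]
enabled = true
logpath = /var/log/dovecot.log

[postfix]
logpath = /var/log/mail.log
"""

def fill_placeholders(text, values):
    """Replace each PH_ token found in `values`; unknown tokens are left in place."""
    return PLACEHOLDER.sub(lambda m: values.get(m.group(0), m.group(0)), text)

def check_jails(text, path_exists=lambda p: bool(glob.glob(p))):
    """Return (jail, problem) pairs for every enabled jail in a jail.local text."""
    cp = configparser.RawConfigParser(strict=False)  # no %(...)s interpolation
    cp.read_string(text)
    problems = []
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue  # disabled jails are not started, so their paths are not checked
        for key, value in cp.items(jail):
            for token in PLACEHOLDER.findall(value):
                problems.append((jail, f"{key}: unreplaced placeholder {token}"))
        for path in cp.get(jail, "logpath", fallback="").split():
            if not PLACEHOLDER.search(path) and not path_exists(path):
                problems.append((jail, f"logpath: no file matches {path}"))
    return problems

if __name__ == "__main__":
    for jail, problem in check_jails(SAMPLE_JAIL_LOCAL):
        print(f"[{jail}] {problem}")
```

To check a real server, pass the contents of /etc/fail2ban/jail.local to check_jails() and restart Fail2ban only when it returns an empty list.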

9

Re: Adding IPTables, Fail2ban

Thank you very much.