1 Topic by roshanjonah

  • roshanjonah
  • Member
  • Offline
  • Registered: 2016-02-02
  • Posts: 17

Topic: whitelisting IPs

==== Required information ====
- iRedMail version (check /etc/iredmail-release): RedMail    v0.9.2 and iRedAdmin-Pro    v2.4.0 (MySQL)
- Linux/BSD distribution name and version: Ubuntu
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

This happens time to time. Our support system has more than 50 support email addresses configured which it logins to check every minute or so. So thats about 50 connections every minute, lets say.

For some reason IRedMail or some software that comes with it is blocking the support system server IP and refusing the connection. We are guessing its probably because we connect to it way too often. Can you please tell us how to whitelist IPs that we often connect through so it doesn't think we are trying to spam or connect multiple times.

Regards,
RJ

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: whitelisting IPs

Seems blocked by Fail2ban, you can whitelist IP addresses/networks in file /etc/fail2ban/jail.local, parameter "ignoreip =".

3 Reply by roshanjonah

  • roshanjonah
  • Member
  • Offline
  • Registered: 2016-02-02
  • Posts: 17

Re: whitelisting IPs

Hi there,

I am still getting this:

Chain fail2ban-postfix (1 references)
num  target     prot opt source               destination         
1    REJECT     all  --  ec2-52-86-198-209.compute-1.amazonaws.com  anywhere             reject-with icmp-port-unreachable

Not sure what I need to be doing.

Regards,
RJ

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: whitelisting IPs

Did you list all trusted IP addresses in Fail2ban config file (/etc/fail2ban/jail.local)?

5 Reply by franciscopaniskaseker

  • franciscopaniskaseker
  • Member
  • Offline
  • Registered: 2022-12-08
  • Posts: 6

Re: whitelisting IPs

ZhangHuangbin wrote:

Did you list all trusted IP addresses in Fail2ban config file (/etc/fail2ban/jail.local)?

I just added in iredmail pro web dashboard. I am not aware that I also need to manually allow the ips in fail2ban. I thought this is one of the reasons of the web dashboard exist.

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: whitelisting IPs

franciscopaniskaseker wrote:

I just added in iredmail pro web dashboard. I am not aware that I also need to manually allow the ips in fail2ban. I thought this is one of the reasons of the web dashboard exist.

There're different whitelists in a mail server, e.g. email address (or domain) based whitelisting, IP based, HELO hostname based, etc. iRedAdmin-Pro doesn't have privilege to update config files on system, so it can not update jail.local directly.

We're working on the on-premises edition of iRedMail Easy, it has the ability to update config files and it's coming soon. https://www.iredmail.org/pro.html