1 (edited by marco2015 2015-09-25 00:29:13)

Topic: failed login more times, how to unblock IP?

======== Required information ====
- iRedMail version (check /etc/iredmail-release): newest 0.9.2
- Linux/BSD distribution name and version: debian 8 jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx):apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====

Hi,
I just tried to login with wrong password more times and IP of computer is blocked by iredmail, I cannot visit roundcube except through proxy. I think IP is blocked, other domain on the same VPS is not working except through proxy.

how to unblock IP and how to set up iredmail to block after 20 login tries and not after 3 or 5 tries?

and I have 2 more question,
1) how to change postmaster@mail.domain.com to become postmaster@domain.com? should I just change DNS settings or something more?

2) if i want to install squirrelmail beside roundcube, will I damage/overwrite present files/installation of iredmail/mysql?
as I see, it is just sudo apt-get install squirrelmail and later changing vhost in apache (/etc/apache2/sites-available/squirrelmail) and after that configuring it, but squirrelmail is not included in iredmail by default and maybe there is reason why it is so.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 (edited by marco2015 2015-09-25 04:56:00)

Re: failed login more times, how to unblock IP?

maybe this is answer on part of the first question, to unblock IP, I need to restart fail2ban to delete all blocked IPs or to write:
iptables -L --line-numbers
find the relevant line and write down the number in "num" column and chain name,
then delete the IP from firewall:
iptables -D fail2ban-dovecot 2
(Meaning: delete second rule from chain fail2ban-dovecot)

but more important is how to block IP after 20 wrong logins and not after 5.

additional info:

I did iptables -L --line-numbers and iptables -D fail2ban-roundcube 1
so I removed my IP.
then I found /etc/fail2ban and changed jail.local and and jail.conf there are parameters for max retry and ignore my IP, so, my IP will not be banned.
after that I made ip.blacklist in /etc/fail2ban and edited multiport file:
/etc/fail2ban/action.d# vim iptables-multiport.conf
in actionstart section I added:
cat /etc/fail2ban/ip.blacklist | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done
in actionban section I added:
echo <ip> >> /etc/fail2ban/ip.blacklist
I wrote in that file IP address range of spammer:
43.229.53.44/32
then I restarted fail2ban: sudo service fail2ban restart

I hope I did well smile

3

Re: failed login more times, how to unblock IP?

marco2015 wrote:

but more important is how to block IP after 20 wrong logins and not after 5.

Search 'maxretry' in /etc/fail2ban/jail.local.