• Home
  • Free Stuff
  • About
  • Contact

Fail2Ban, Zimbra’s DoSFilter and Failed Login Lockout Policy

October 21, 2018

On each Zimbra deployment strategy, I’ve never activate Failed Login Lockout Policy as it tend to block legitimate user from being logged in due to brute force attack from others. The legitimate users often become a victim for spammer or robot attempt to login.

I would also prefer Fail2ban to block login attempt from spammer rather than Zimbra’s built in filter, DoSFilter. But it seems to be changed after looking at (just a short reply 🙂 ) on a discussion on Zimbra Forums.

L Mark Stone of Mission Critical Email write up : “Using Zimbra’s DoSFilter and Failed Login Lockout Policy Together”

Zimbra’s DoSFilter (Denial of Service Filter) is a mechanism to throttle or block IP addresses that have a repeated number of failed logins to your Zimbra system.  Zimbra’s Classes of Service include a Failed Login Lockout policy that will put a mailbox in Locked Out mode, hopefully before a brute force attack is successful.  The two together can improve system security and protect legitimate users, but only if configured appropriately.

DoSFilter is generally easier to configure than fail2ban in multiserver systems, because in a multi-server system the logger host is usually one of the mailbox servers, but you want to do the fail2ban blocking on the MTA and Proxy servers.  Making all that work is complex, and if you are running Network Edition, Zimbra Support can help you troubleshoot DoSFilter; with fail2ban you are on your own.  On single server Zimbra systems, fail2ban works fine, but you’ll need to source up to date Zimbra “jail” configuration files, so yet another reason to favor DoSFilter over fail2ban.

As one of top Zimbra Expert involved on Zimbra Forums since the beginning and managing his business focus on email, Mark has his own’s experience to deal with Zimbra security improvement and his blog post interesting enough to be implemented.

DoSFilterFail2BanSpamZimbra
Share

Zimbra

Masim "Vavai" Sugianto
Traveller, Open Source Enthusiast & Book Lover. Works as Independent Worker & Self-Employer.

Leave A Reply


Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Recent Posts

    • Custom SSL Certificate Deployment on vCenter Server 6.7
    • Commercial SSL Certificate Deployment on vSphere Host 6.7
    • VMware vSphere 6.7 Ebook (Indonesian)
    • Pursuing FIRE in Indonesia : Expenses and Living Cost
    • Pursuing FIRE in Indonesia : Choosing Dividend Stock
    • Intel NUC NUC817HVK Hades Canyon VR Edition
    • Financial Independence : Beginning the Journey
    • Zimbra MariaDB Error : Can’t init tc log
    • Being Tired for Daily Routine
    • Script to Add Dynamic IP to /etc/hosts



© Copyright LetsBlog Theme Demo - Theme by ThemeGoods