Zimbra, fail2ban, CentOS 7, and firewalld
-
I have Zimbra running on a CentOS 7 VM and am looking to implement fail2ban. However, the guides I'm finding 1) are dated and 2) assume the host is using iptables.
If anyone has any experience setting up fail2ban for Zimbra using firewalld, I'd love some pointers. If you've set it up yourself and are willing to share your configs, I'd be forever grateful for that as well.
Thanks!
-
fail2ban for Zimbra in the context of IMAP or what?
-
Well, in examples I've seen, fail2ban is watching /var/log/zimbra as well as /opt/zimbra/mailbox.log for failed login attempts. So I was kind of hoping for that.
This server in particular was seeing repeated postfix SASL login attempts. From what I gather foreign hosts were trying to authenticate to use it as a mail relay. The traffic has since gone away, but it triggered a wave of "my account is locked out" IT tickets.
I think in this case, with fail2ban tuned right, it would've stopped the noise.
-
@anthonyh said in Zimbra, fail2ban, CentOS 7, and firewalld:
Well, in examples I've seen, fail2ban is watching /var/log/zimbra as well as /opt/zimbra/mailbox.log for failed login attempts. So I was kind of hoping for that.
This server in particular was seeing repeated postfix SASL login attempts. From what I gather foreign hosts were trying to authenticate to use it as a mail relay. The traffic has since gone away, but it triggered a wave of "my account is locked out" IT tickets.
I think in this case, with fail2ban tuned right, it would've stopped the noise.
I see, that makes sense.
-
-
@scottalanmiller said in Zimbra, fail2ban, CentOS 7, and firewalld:
I came across that article and it's the most promising. Though it's still an iptables-based fail2ban configuration. I'm not sure if it's as simple as changing the references to iptables or if tweaking it to work with firewalld is more involved.
I suppose an option is to disable firewalld and install iptables. I've done that before in the past.
Hmm...
-
@anthonyh said in Zimbra, fail2ban, CentOS 7, and firewalld:
@scottalanmiller said in Zimbra, fail2ban, CentOS 7, and firewalld:
I came across that article and it's the most promising. Though it's still an iptables-based fail2ban configuration. I'm not sure if it's as simple as changing the references to iptables or if tweaking it to work with firewalld is more involved.
I suppose an option is to disable firewalld and install iptables. I've done that before in the past.
Hmm...
Not sure why they use iptables in that example, since it is a CentOS 7 example.
-
@scottalanmiller said in Zimbra, fail2ban, CentOS 7, and firewalld:
@anthonyh said in Zimbra, fail2ban, CentOS 7, and firewalld:
@scottalanmiller said in Zimbra, fail2ban, CentOS 7, and firewalld:
I came across that article and it's the most promising. Though it's still an iptables-based fail2ban configuration. I'm not sure if it's as simple as changing the references to iptables or if tweaking it to work with firewalld is more involved.
I suppose an option is to disable firewalld and install iptables. I've done that before in the past.
Hmm...
Not sure why they use iptables in that example, since it is a CentOS 7 example.
Yeah. Though perhaps calls to iptables are automatically translated to firewalld? I'm going to give it a try anyway. We'll see how it goes...
-
@anthonyh said in Zimbra, fail2ban, CentOS 7, and firewalld:
@scottalanmiller said in Zimbra, fail2ban, CentOS 7, and firewalld:
@anthonyh said in Zimbra, fail2ban, CentOS 7, and firewalld:
@scottalanmiller said in Zimbra, fail2ban, CentOS 7, and firewalld:
I came across that article and it's the most promising. Though it's still an iptables-based fail2ban configuration. I'm not sure if it's as simple as changing the references to iptables or if tweaking it to work with firewalld is more involved.
I suppose an option is to disable firewalld and install iptables. I've done that before in the past.
Hmm...
Not sure why they use iptables in that example, since it is a CentOS 7 example.
Yeah. Though perhaps calls to iptables are automatically translated to firewalld? I'm going to give it a try anyway. We'll see how it goes...
That's what I am thinking.
-
@anthonyh said in Zimbra, fail2ban, CentOS 7, and firewalld:
@scottalanmiller said in Zimbra, fail2ban, CentOS 7, and firewalld:
I came across that article and it's the most promising. Though it's still an iptables-based fail2ban configuration. I'm not sure if it's as simple as changing the references to iptables or if tweaking it to work with firewalld is more involved.
I suppose an option is to disable firewalld and install iptables. I've done that before in the past.
Hmm...
That's probably what they did, because you need to disable firewalld to enable iptables.
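-
On the question raised in the thread of whether an iptables-based fail2ban setup can be pointed at firewalld: the following is an added example, not a config posted by anyone in this thread or taken from the linked article. It assumes fail2ban's stock `postfix-sasl` jail and `firewallcmd-ipset` action are installed, that Zimbra's postfix writes to `/var/log/zimbra.log`, and that the thresholds and the allowlisted address are placeholders to tune.

```ini
# /etc/fail2ban/jail.local  (added example; values below are assumptions)

[DEFAULT]
# Swap the iptables-* ban actions for fail2ban's firewalld action.
# firewallcmd-ipset creates an ipset per jail and a firewalld direct rule
# that rejects members of that set, so bans go through firewalld itself
# rather than through raw iptables calls made behind its back.
# Requires the ipset package to be installed.
banaction = firewallcmd-ipset

# Never ban the server itself or the admin workstation.
# 192.0.2.10 is a documentation placeholder address.
ignoreip = 127.0.0.1/8 192.0.2.10

[postfix-sasl]
# The stock jail.conf already defines this section (filter and ports);
# only the site-specific settings are overridden here.
enabled  = true

# Zimbra's postfix logs via syslog to this file (assumed path).
logpath  = /var/log/zimbra.log

# Read the log file directly. Some packaged defaults select the systemd
# journal backend, in which case logpath would be ignored.
backend  = auto

# Ban an address after 5 failed SASL logins within 10 minutes, for 1 hour.
# Keep maxretry below Zimbra's account lockout threshold
# (zimbraPasswordLockoutMaxFailures) so the source IP is blocked before
# the targeted mailbox gets locked out.
maxretry = 5
findtime = 600
bantime  = 3600
```

After restarting fail2ban, `fail2ban-client status postfix-sasl` shows the jail's matched failures and banned addresses, and `firewall-cmd --direct --get-all-rules` shows the rule the action added.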