[ENHANCEMENT] fail2ban for grommunio

noplan · 2021-09-20T12:25:18+00:00

anyone done this so far or any hints of how to do it brNP

jengelh

The current (postmodern) FHS practice is to not put boilerplate or defaults into /etc. So yes, files naturally don't exist.
(Picture the year 2008: /etc/squid/squid.conf was almost 4300 lines in size. Only 35 lines were truly relevant, but computers don't know that, so when a new version of the config file came along, it was the admin's job to merge it somehow. Not fun. // Some other reading material: factory reset)

jengelh

gromox>=2.20.94 will have zcore report the address as well and the messages are more similar across daemons so to catch it with one fail2ban regex.

WalterH

jengelh thank you.

weini

Thank you for implementing this!
Just checked the latested Debian 12 packages: 2.20.6
Is there maybe some issue with the Debian build pipeline again? I´m just asking as the version difference seems to be a bit high.

jengelh

Decided to give /community a slower publishing pace.

WalterH

The [postfix-sasl] jail do not work as expected. We need to modify the jail file: /etc/fail2ban/jail.local and replace the [postfix-sasl] section with:

[postfix-sasl]
enabled = true
backend = systemd
maxentry = 3
bantime = 1h
filter  = postfix[mode=auth]
port    = smtp,465,submission,imap,imaps,pop3,pop3s
#

Restart fail2ban with systemctl restart fail2ban, now SASL logins should be blocked.

sweetgood

I can confirm that the issue from @faspie still applies to a grommunio SUSE appliance which was installed in November 2023 and only updated/upgraded since then. Just remove busybox-ed (whoever installed that) and let zypper in fail2ban do the rest.

@WalterH 's templates in combination with @crpb 's installation script worked like a charm. Thanks to both of you for providing them 🎉

« Previous Page