Skip to content
Bots!
Bots!
  • About
    • Myself
    • আমার দোয়া
  • Bookmarks
    • Bookmarks
    • My OCI Bookmarks
    • Useful Proxmox Commands & Links
    • Learning Nano
    • Useful Sites
    • Useful Virtualbox Command
    • Useful MySQL Command
    • Useful Linux Command
    • BTT-CAS
  • Resources
    • Webinar on Cloud Adoption for Project Managers
  • Photos
  • Videos
  • Downloads
Bots!

Install and Configure Fail2Ban for Zimbra on CentOS 7

Rumi, September 12, 2023

Below is how to install and configure Fail2Ban for Zimbra. In this guidance, I use CentOS. Please adjust python-pip version if using another OS

1. Install pip

yum install python3-pip

2. Install dependencies required by Fail2Ban

pip3 install pyinotify
pip3 install dnspython

3. Download and extract Fail2Ban

cd /tmp/
wget -c https://github.com/fail2ban/fail2ban/archive/0.9.4.tar.gz

4. Install Fail2Ban

tar -xvf 0.9.4.tar.gz
cd fail2ban-0.9.4
python3 setup.py install

5. Copy Fail2Ban service to systemd

cp files/fail2ban.service /usr/lib/systemd/system/

6. Adjust bin location on Fail2Ban service

vi /usr/lib/systemd/system/fail2ban.service

Adjust the following lines. Change /usr/bin become /usr/local/bin

ExecStart=/usr/local/bin/fail2ban-client -x start
ExecStop=/usr/local/bin/fail2ban-client stop
ExecReload=/usr/local/bin/fail2ban-client reload

Create fail2ban folder

mkdir /var/run/fail2ban
vi /usr/lib/tmpfiles.d/var.conf

Add this line at the bottom

d /var/run/fail2ban 0755 - - -

Reload systemd

systemctl daemon-reload

7. Create zimbra.jail

vi /etc/fail2ban/jail.d/zimbra.local

Fill with the following lines and save

[zimbra-submission]
enabled = true
filter = zimbra-submission
logpath = /var/log/zimbra.log
maxretry = 3
findtime = 3600
bantime = 36000
action = iptables-multiport[name=zimbra-submission, port="25,465,587", protocol=tcp]

[zimbra-webmail]
enabled = true
filter = zimbra-webmail
logpath = /opt/zimbra/log/mailbox.log
maxretry = 3
findtime = 3600
bantime = 36000
action = iptables-multiport[name=zimbra-webmail, port="80,443", protocol=tcp]

[zimbra-admin]
enabled = true
filter = zimbra-admin
logpath = /opt/zimbra/log/mailbox.log
maxretry = 3
findtime = 3600
bantime = 36000
action = iptables-multiport[name=zimbra-admin, port="7071", protocol=tcp]

8. Create filters

– Zimbra Admin

curl -k https://raw.githubusercontent.com/imanudin11/zimbra-fail2ban/master/zimbra-admin.conf > /etc/fail2ban/filter.d/zimbra-admin.conf

– Zimbra Webmail

curl -k https://raw.githubusercontent.com/imanudin11/zimbra-fail2ban/master/zimbra-webmail.conf > /etc/fail2ban/filter.d/zimbra-webmail.conf

– Zimbra SMTP/SMTPS/Submission

curl -k https://raw.githubusercontent.com/imanudin11/zimbra-fail2ban/master/zimbra-submission.conf > /etc/fail2ban/filter.d/zimbra-submission.conf

9. Ignore localhost and Zimbra IP

Open file /etc/fail2ban/jail.conf. Find line “ignoreip =” and add the IP address that will be ignored from Fail2Ban checking. You can use comma or space to add multiple IP

ignoreip = 127.0.0.1/8 IP-ADDRESS-OF-ZIMBRA/32 OTHER-IP-ADDRESS/32

10. Enable and restart Fail2Ban

systemctl enable fail2ban
systemctl restart fail2ban

Additional Configuration :

– Block type that uses by Fail2Ban is “REJECT –reject-with icmp-port-unreachable”. If you want to use DROP, open file /etc/fail2ban/action.d/iptables-common.conf and change it to blocktype = DROP

11. Logging the Originating IP

In a multi-server environment, or any environment running a proxy, the mailboxd server may only log the IP of the connecting proxy. X-Originating-IP support for nginx or other fronting proxy. In order to use this feature, you must define the Trusted IPs of your internal nginx proxies, so that the mailstores will instead capture the data on the originating IP from the HTTP traffic. By default, the zimbraMailTrustedIP is empty.

Run the following command to configure zimbraMailTrustedIP

zmprov mcf +zimbraMailTrustedIP {IP of nginx-1} +zimbraMailTrustedIP {IP of nginx-2}

Example

zmprov mcf +zimbraMailTrustedIP 127.0.0.1 +zimbraMailTrustedIP 10.11.12.13

Check the configuration then restart the mailbox

zmprov gcf zimbraMailTrustedIP
zmmailboxdctl restart

12. Test regex

You can test regex with run this command

fail2ban-regex /opt/zimbra/log/mailbox.log /etc/fail2ban/filter.d/zimbra-webmail.conf

Now my Zimbra already use Fail2Ban. If you want to see ip address that blocked by Fail2Ban, run fail2ban-client command

fail2ban-client status

If you want to see zimbra-webmail jail, run command

fail2ban-client status zimbra-webmail
[root@mail ~]# fail2ban-client status zimbra-webmail
Status for the jail: zimbra-webmail
|- Filter
| |- Currently failed: 1
| |- Total failed: 11
| `- File list: /opt/zimbra/log/mailbox.log
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: 123.xx.xx.xx

Src:

How to Install and Configure Fail2Ban for Zimbra

Administrations Collected Articles Configurations (Linux) CentOSfail2banzimbra

Post navigation

Previous post
Next post

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Myself…

Hi, I am Hasan T. Emdad Rumi, an IT Project Manager & Consultant, Virtualization & Cloud Savvyfrom Dhaka, Bangladesh. I have prior experience in managing numerous local and international projects in the area of Telco VAS & NMC, National Data Center & PKI Naitonal Root and CA Infrastructure. Also engaged with several Offshore Software Development Team.

Worked with Orascom Telecom-Banglalink, Network Elites as VAS partner, BTRC, BTT (Turkey) , Mango Teleservices Limited and Access to Informaiton (A2I-UNDP)

Currently working at Oracle Corporation as Principal Technology Solution and Cloud Architect.

You can reach me [h.t.emdad at gmail.com] and I will be delighted to exchange my views.

Tags

Apache Bind Cacti CentOS CentOS 6 CentOS 7 Debain Debian Debian 10 Debian 11 Debian 12 DKIM Docker endian icinga iptables Jitsi LAMP Letsencrypt Linux Munin MySQL Nagios Nextcloud NFS nginx pfsense php Postfix powerdns Proxmox RDP squid SSH SSL Ubuntu Ubuntu 16 Ubuntu 18 Ubuntu 20 Varnish virtualbox vpn Webmin XCP-NG zimbra

Topics

Recent Posts

  • Install Jitsi on Ubuntu 22.04 / 22.10 April 30, 2025
  • Key Lessons in life April 26, 2025
  • Create Proxmox Backup Server (PBS) on Debian 12 April 19, 2025
  • Add Physical Drive in Proxmox VM Guest April 19, 2025
  • Mount a drive permanently with fstab in Linux April 16, 2025
  • Proxmox 1:1 NAT routing March 30, 2025
  • Installation steps of WSL – Windows Subsystem for Linux March 8, 2025
  • Enabling Nested Virtualization In Proxmox March 8, 2025
  • How to Modify/Change console/SSH login banner for Proxmox Virtual Environment (Proxmox VE / PVE) March 3, 2025
  • Install Proxmox Backup Server on Debian 12 February 12, 2025

Archives

Top Posts & Pages

  • Install Jitsi on Ubuntu 22.04 / 22.10
©2025 Bots! | WordPress Theme by SuperbThemes