Differences

This shows you the differences between two versions of the page.

--- l3:serveri:mail_server_zimbra [2022/05/28 11:47] – milano
+++ l3:serveri:mail_server_zimbra [2022/07/11 10:51] – milano
@@ Line 37: / Line 37: @@
   - MOC eksponira ''nfs'' folder ''/etc/letsencrypt'' samo Zimbra serveru i to u ''ro'' režimu. \\ **Folder sadrži privatni ključ i veoma je važno da ostane zaštićen!!!**
   - Na Zimbri, u folderu ''/home/zimbra/assets'' nalazi se ''isrgrootx1.pem.txt'' fajl koji sadrži **pem** blok ISRG Root X1 sertifikata koji se kombinuje sa Let's Encryptovim.
+===== Fail2Ban zaštita =====
+Učestalo je zaključavanje ''office@melany.rs'' ali i ''milan@melany.rs'' naloga zbog pokušaja probijanja "brutalnim nabadanjem lozinke".
+Kako bi sprečili //brute-force// napade instaliran je ''fail2ban'' servis.
+Za instalaciju je praćeno uputstvo sa [[https://imanudin.net/2020/07/05/how-to-install-and-configure-fail2ban-for-zimbra|ove stranice]].
+Pošto stranica može da "nestane", evo i transkripta:
+**Install pip**
+<code>yum install python3-pip</code>
+**Install dependencies required by Fail2Ban**
+<code>
+pip3 install pyinotify
+pip3 install dnspython
+</code>
+**Download and extract Fail2Ban**
+<code>
+cd /tmp/
+wget -c https://github.com/fail2ban/fail2ban/archive/0.9.4.tar.gz
+</code>
+**Install Fail2Ban**
+<code>
+tar -xvf 0.9.4.tar.gz
+cd fail2ban-0.9.4
+python3 setup.py install
+</code>
+**Copy Fail2Ban service to systemd**
+<code>cp files/fail2ban.service /usr/lib/systemd/system/</code>
+**Adjust bin location on Fail2Ban service**
+<code>nano /usr/lib/systemd/system/fail2ban.service</code>
+Adjust the following lines. Change ''/usr/bin'' become ''/usr/local/bin''
+<code>
+ExecStart=/usr/local/bin/fail2ban-client -x start
+ExecStop=/usr/local/bin/fail2ban-client stop
+ExecReload=/usr/local/bin/fail2ban-client reload
+</code>
+Create fail2ban folder
+<code>
+mkdir /var/run/fail2ban
+nano /usr/lib/tmpfiles.d/var.conf
+</code>
+Add this line at the bottom
+<code>d /var/run/fail2ban 0755 - - -</code>
+Reload systemd
+<code>systemctl daemon-reload</code>
+**Create zimbra.jail**
+<code>nano /etc/fail2ban/jail.d/zimbra.local</code>
+Fill with the following lines and save
+<code>
+[zimbra-submission]
+enabled = true
+filter = zimbra-submission
+logpath = /var/log/zimbra.log
+maxretry = 3
+findtime = 3600
+bantime = 36000
+action = iptables-multiport[name=zimbra-submission, port="25,465,587", protocol=tcp]
+[zimbra-webmail]
+enabled = true
+filter = zimbra-webmail
+logpath = /opt/zimbra/log/mailbox.log
+maxretry = 3
+findtime = 3600
+bantime = 36000
+action = iptables-multiport[name=zimbra-webmail, port="80,443", protocol=tcp]
+[zimbra-admin]
+enabled = true
+filter = zimbra-admin
+logpath = /opt/zimbra/log/mailbox.log
+maxretry = 3
+findtime = 3600
+bantime = 36000
+action = iptables-multiport[name=zimbra-admin, port="7071", protocol=tcp]
+</code>
+**Create filters**
+– Zimbra Admin
+<code>curl -k https://raw.githubusercontent.com/imanudin11/zimbra-fail2ban/master/zimbra-admin.conf > /etc/fail2ban/filter.d/zimbra-admin.conf</code>
+– Zimbra Webmail
+<code>curl -k https://raw.githubusercontent.com/imanudin11/zimbra-fail2ban/master/zimbra-webmail.conf > /etc/fail2ban/filter.d/zimbra-webmail.conf</code>
+– Zimbra SMTP/SMTPS/Submission
+<code>curl -k https://raw.githubusercontent.com/imanudin11/zimbra-fail2ban/master/zimbra-submission.conf > /etc/fail2ban/filter.d/zimbra-submission.conf</code>
+**Ignore localhost and Zimbra IP**
+Open file /etc/fail2ban/jail.conf. Find line **“ignoreip =”** and add the IP address that will be ignored from Fail2Ban checking. You can use comma or space to add multiple IP
+<code>ignoreip = 127.0.0.1/8 IP-ADDRESS-OF-ZIMBRA/32 OTHER-IP-ADDRESS/32</code>
+**Enable and restart Fail2Ban**
+<code>
+systemctl enable fail2ban
+systemctl restart fail2ban
+</code>