Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Last revisionBoth sides next revision | ||
l3:serveri:mail_server_zimbra [2022/05/28 11:47] – milano | l3:serveri:mail_server_zimbra [2022/07/11 10:51] – milano | ||
---|---|---|---|
Line 37: | Line 37: | ||
- MOC eksponira '' | - MOC eksponira '' | ||
- Na Zimbri, u folderu ''/ | - Na Zimbri, u folderu ''/ | ||
+ | |||
+ | ===== Fail2Ban zaštita ===== | ||
+ | |||
+ | Učestalo je zaključavanje '' | ||
+ | Kako bi sprečili // | ||
+ | |||
+ | Za instalaciju je praćeno uputstvo sa [[https:// | ||
+ | Pošto stranica može da " | ||
+ | |||
+ | **Install pip** | ||
+ | |||
+ | < | ||
+ | |||
+ | **Install dependencies required by Fail2Ban** | ||
+ | |||
+ | < | ||
+ | pip3 install pyinotify | ||
+ | pip3 install dnspython | ||
+ | </ | ||
+ | |||
+ | **Download and extract Fail2Ban** | ||
+ | |||
+ | < | ||
+ | cd /tmp/ | ||
+ | wget -c https:// | ||
+ | </ | ||
+ | |||
+ | **Install Fail2Ban** | ||
+ | |||
+ | < | ||
+ | tar -xvf 0.9.4.tar.gz | ||
+ | cd fail2ban-0.9.4 | ||
+ | python3 setup.py install | ||
+ | </ | ||
+ | |||
+ | **Copy Fail2Ban service to systemd** | ||
+ | |||
+ | < | ||
+ | |||
+ | **Adjust bin location on Fail2Ban service** | ||
+ | |||
+ | < | ||
+ | |||
+ | Adjust the following lines. Change ''/ | ||
+ | |||
+ | < | ||
+ | ExecStart=/ | ||
+ | ExecStop=/ | ||
+ | ExecReload=/ | ||
+ | </ | ||
+ | |||
+ | Create fail2ban folder | ||
+ | |||
+ | < | ||
+ | mkdir / | ||
+ | nano / | ||
+ | </ | ||
+ | |||
+ | Add this line at the bottom | ||
+ | |||
+ | < | ||
+ | |||
+ | Reload systemd | ||
+ | |||
+ | < | ||
+ | |||
+ | **Create zimbra.jail** | ||
+ | |||
+ | < | ||
+ | |||
+ | Fill with the following lines and save | ||
+ | |||
+ | < | ||
+ | [zimbra-submission] | ||
+ | enabled = true | ||
+ | filter = zimbra-submission | ||
+ | logpath = / | ||
+ | maxretry = 3 | ||
+ | findtime = 3600 | ||
+ | bantime = 36000 | ||
+ | action = iptables-multiport[name=zimbra-submission, | ||
+ | |||
+ | [zimbra-webmail] | ||
+ | enabled = true | ||
+ | filter = zimbra-webmail | ||
+ | logpath = / | ||
+ | maxretry = 3 | ||
+ | findtime = 3600 | ||
+ | bantime = 36000 | ||
+ | action = iptables-multiport[name=zimbra-webmail, | ||
+ | |||
+ | [zimbra-admin] | ||
+ | enabled = true | ||
+ | filter = zimbra-admin | ||
+ | logpath = / | ||
+ | maxretry = 3 | ||
+ | findtime = 3600 | ||
+ | bantime = 36000 | ||
+ | action = iptables-multiport[name=zimbra-admin, | ||
+ | </ | ||
+ | |||
+ | **Create filters** | ||
+ | – Zimbra Admin | ||
+ | |||
+ | < | ||
+ | |||
+ | – Zimbra Webmail | ||
+ | |||
+ | < | ||
+ | |||
+ | – Zimbra SMTP/ | ||
+ | |||
+ | < | ||
+ | |||
+ | **Ignore localhost and Zimbra IP** | ||
+ | |||
+ | Open file / | ||
+ | |||
+ | < | ||
+ | |||
+ | **Enable and restart Fail2Ban** | ||
+ | |||
+ | < | ||
+ | systemctl enable fail2ban | ||
+ | systemctl restart fail2ban | ||
+ | </ | ||
+ | |||