08-18-2011, 03:32 PM
[SOLVED] Securing a zimbra server, fail2ban
Hi everyone
We've been running a very low-traffic Zimbra test installation over our ADSL connection for over a year now with no problems. But I suddenly realised, I don't have fail2ban running on this Zimbra machine to filter any brute-force login attempts made to the Zimbra services.
What sort of security should we be implementing on an internet-facing Zimbra machine?
Has anyone got fail2ban running on a Zimbra installation?
Normally it's very easy to get up and running but with Zimbra the logging formats or locations are very different to that of standard packages that already have fail2ban jail configurations out there.
Does Zimbra have anything like this built-in?
Is there any other security software we should look at installing on our Zimbra machine? I was told that keeping it as "pure" as possible would be the best way forward.
Cheers, B
Last edited by batfastad; 08-19-2011 at 05:07 AM..
| 
08-18-2011, 06:50 PM
Outstanding Member
Posts: 717
Zimbra has the auto-lock feature, which will accomplish this, but on a much broader spectrum. It will lock an account for X number of minutes/hours after Y number of failed password attempts. That way if it is getting brute-forced from multiple IPs, you're still covered. The account will be automatically unlocked after the specified period of time.
You can find these settings under the Advanced tab of the COS or the Account.
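The difference the post above draws between a per-account lockout and per-IP banning of the fail2ban kind, as an added example that is not part of the thread and is not Zimbra's or fail2ban's own code. It is a generic model: the thresholds, the `FailureTracker` class and the `replay` function are hypothetical, and the login events are constructed.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5      # "Y" failed attempts (assumed value)
LOCKOUT_SECS = 600    # "X" minutes of lockout, in seconds (assumed value)
WINDOW_SECS = 300     # failures older than this are forgotten (assumed value)


class FailureTracker:
    """Counts recent failures per key and blocks the key at the threshold."""

    def __init__(self):
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.blocked_until = {}              # key -> time the block expires

    def is_blocked(self, key, now):
        # Blocks expire on their own, like the automatic unlock described above.
        return self.blocked_until.get(key, 0) > now

    def record_failure(self, key, now):
        recent = self.failures[key]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[key] = now + LOCKOUT_SECS
            recent.clear()


def replay(events):
    """Feed (time, source_ip, account) failed-login events to both policies."""
    per_ip, per_account = FailureTracker(), FailureTracker()
    refused_by_lockout = 0
    for now, ip, account in events:
        per_ip.record_failure(ip, now)        # the per-IP policy sees every failure
        if per_account.is_blocked(account, now):
            refused_by_lockout += 1           # refused while the account is locked
            continue
        per_account.record_failure(account, now)
    return per_ip, per_account, refused_by_lockout


# Constructed sample: 12 failed logins against one account, 10 s apart,
# each from a different address in the 203.0.113.0/24 documentation range.
EVENTS = [(i * 10, f"203.0.113.{i + 1}", "user@example.com") for i in range(12)]

if __name__ == "__main__":
    per_ip, per_account, refused = replay(EVENTS)
    print("IPs banned by per-IP policy:", len(per_ip.blocked_until))
    print("account locked at t=115:", per_account.is_blocked("user@example.com", 115))
    print("attempts refused during lockout:", refused)
```

In this model no single address ever reaches the per-IP threshold, while the account lock engages on the fifth failure and releases itself when the lockout period ends.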
08-19-2011, 12:54 AM
Great!
And that feature works across all services? So AJAX UI logins, IMAP logins, POP logins etc?
Cheers, B
08-19-2011, 02:24 AM
Zimbra Consultant & Moderator
Posts: 20,314
Quote:
Originally Posted by batfastad
Great!
And that feature works across all services? So AJAX UI logins, IMAP logins, POP logins etc?

No, that's a web ui feature. I'd also suggest you implement a strong password policy to reduce the likelihood of an attacker getting into an account - see the Admin UI for the tool to set it. Any particular reason you don't have the server behind a firewall or NAT router?
__________________
Regards
Bill
| 
08-19-2011, 03:33 AM
Ah ok. So people can still attempt brute-forcing over IMAP or POP services.
This machine is actually behind an IPCop firewall box. But the ports for SMTP, HTTPS, SMTP submit and IMAP are open to the internet.
Has anyone had any success installing fail2ban or similar on a Zimbra server?
Cheers, B
08-19-2011, 03:54 AM
Zimbra Consultant & Moderator
Posts: 20,314
Quote:
Originally Posted by batfastad
Ah ok. So people can still attempt brute-forcing over IMAP or POP services.

... that would also include the Zimbra Web service but that's also covered by the strong password for the account.

Quote:
Originally Posted by batfastad
This machine is actually behind an IPCop firewall box. But the ports for SMTP, HTTPS, SMTP submit and IMAP are open to the internet.

I didn't see you mention that, hence the question.

Quote:
Originally Posted by batfastad
Has anyone had any success installing fail2ban or similar on a Zimbra server?

I believe there are a couple of threads in the forums on that very topic.
__________________
Regards
Bill
| 
08-19-2011, 04:55 AM
| | | | 
08-19-2011, 05:07 AM
Solved! That's exactly what I wanted. Cheers