[Users] Having some `brute` force log-in attempts on Zimbra

Andreas Wolske andreas.wolske at managedhosting.de
Mon Nov 27 14:23:52 CET 2017


Hi Barry,

Am 27.11.2017 um 14:07 schrieb Barry de Graaff:
> Hello Folks,
> 
> I am seeing some subtle brute force log-in attempts on the Alliance mailserver.
> 
> Every hour or so, someone from different locations in Brazil is trying to log onto
> our server. And it does not seem to be a normal user with a wrong password or so.
> 
> What do you guys use to mitigate these? Should I add some fail2ban?

We use composite DROP (Don't route or peer) Lists for iptables and
a customized fail2ban setup tailored to meet zimbra logfile
configurations.

I could provide both configurations as an example.

BR

-- 

Andreas Wolske
Geschäftsführer

------------ managedhosting.de - Enterprise Cloud Services ------------

VMware Hybrid Cloud Powered Service Provider
Red Hat Certified Cloud & Service Provider
Zimbra Gold Partner
FileCloud Certified Partner
veeam Cloud Provider

p +49 30 202364910
f +49 30 202364919
m +49 151 21258008

@ andreas.wolske at managedhosting.de
w https://www.managedhosting.de

Pflichtangaben nach §35a GmbHG: https://www.managedhosting.de/legal




More information about the Users mailing list