[Users] Having some `brute` force log-in attempts on Zimbra

Barry de Graaff info at barrydegraaff.tk
Mon Nov 27 14:45:21 CET 2017

Yes please, and can I put them on 
https://github.com/Zimbra-Community/zimbra-tools ?

Kind regards, 

Barry de Graaff
Zeta Alliance 
Co-founder & Developer
zetalliance.org | github.com/Zimbra-Community

+31 617 220 227
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0

----- Original Message -----
From: "Andreas Wolske" <andreas.wolske at managedhosting.de>
To: users at lists.zetalliance.org
Sent: Monday, November 27, 2017 2:23:52 PM
Subject: Re: [Users] Having some `brute` force log-in attempts on Zimbra

Hi Barry,

Am 27.11.2017 um 14:07 schrieb Barry de Graaff:
> Hello Folks,
> I am seeing some subtle brute force log-in attempts on the Alliance mailserver.
> Every hour or so, someone from different locations in Brazil is trying to log onto
> our server. And it does not seem to be a normal user with a wrong password or so.
> What do you guys use to mitigate these? Should I add some fail2ban?

We use composite DROP (Don't route or peer) Lists for iptables and
a customized fail2ban setup tailored to meet zimbra logfile

I could provide both configurations as an example.



Andreas Wolske

------------ managedhosting.de - Enterprise Cloud Services ------------

VMware Hybrid Cloud Powered Service Provider
Red Hat Certified Cloud & Service Provider
Zimbra Gold Partner
FileCloud Certified Partner
veeam Cloud Provider

p +49 30 202364910
f +49 30 202364919
m +49 151 21258008

@ andreas.wolske at managedhosting.de
w https://www.managedhosting.de

Pflichtangaben nach §35a GmbHG: https://www.managedhosting.de/legal

More information about the Users mailing list