<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; color: #000000"><div><div style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;" data-mce-style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;">Hi!, you can use our fail2ban for Zimbra tutorial: </div><div style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;" data-mce-style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;"><span class="Object" role="link" id="OBJ_PREFIX_DWT17828_com_zimbra_url" style="color: #005a95; text-decoration: none; cursor: pointer;" data-mce-style="color: #005a95; text-decoration: none; cursor: pointer;"><span class="Object" role="link" id="OBJ_PREFIX_DWT17853_com_zimbra_url" style="color: #005a95; text-decoration: none; cursor: pointer;" data-mce-style="color: #005a95; text-decoration: none; cursor: pointer;"><a target="_blank" href="https://soporte.itlinux.cl/hc/es/articles/200120608-Fail2Ban-para-Zimbra" style="color: #005a95; text-decoration: none; cursor: pointer;" data-mce-href="https://soporte.itlinux.cl/hc/es/articles/200120608-Fail2Ban-para-Zimbra" data-mce-style="color: #005a95; text-decoration: none; cursor: pointer;">https://soporte.itlinux.cl/hc/es/articles/200120608-Fail2Ban-para-Zimbra</a></span></span></div><div style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;" data-mce-style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;"><br></div><div style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;" data-mce-style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;"><br></div><div style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;" data-mce-style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;">Regards</div><br></div><div><br></div><div data-marker="__SIG_PRE__"><div><br></div><div><span style="font-family: arial, helvetica, sans-serif;" data-mce-style="font-family: arial, helvetica, sans-serif;"><span style="font-family: Arial; font-size: 13px; orphans: 2; widows: 2; background-color: #fdfdfd;" data-mce-style="font-family: Arial; font-size: 13px; orphans: 2; widows: 2; background-color: #fdfdfd;">Saludos</span><br></span></div><div><span style="font-family: arial, helvetica, sans-serif; font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: rgb(253, 253, 253);" data-mce-style="font-family: arial, helvetica, sans-serif; font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd;">--------------------------------------------------</span></div><div><div style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;" data-mce-style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;">Daniel Eugenin M.<br><strong style="font-family: 'arial black', 'avant garde';" data-mce-style="font-family: 'arial black', 'avant garde';"><span style="color: #99cc00;" data-mce-style="color: #99cc00;">IT </span></strong><strong style="font-family: 'arial black', 'avant garde';" data-mce-style="font-family: 'arial black', 'avant garde';">Linux & <span style="color: rgb(0, 0, 0);" data-mce-style="color: #000000;">Z</span><span style="color: rgb(0, 0, 255);" data-mce-style="color: #0000ff;">box</span></strong></div><div style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;" data-mce-style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;">Cel: (+56-9) 8899 6601</div><div style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;" data-mce-style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;"><span class="Object" id="OBJ_PREFIX_DWT3171_com_zimbra_url" data-mce-style="color: #336699; cursor: pointer;" style="text-align: -webkit-auto; color: rgb(51, 102, 153); cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT3174_com_zimbra_url" style="cursor: pointer;" data-mce-style="cursor: pointer;">www.itlinux.cl</span></span><span class="Object" id="OBJ_PREFIX_DWT3172_com_zimbra_url" data-mce-style="color: #336699; cursor: pointer;" style="text-align: -webkit-auto; color: rgb(51, 102, 153); cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT3175_com_zimbra_url" style="cursor: pointer;" data-mce-style="cursor: pointer;"> / www.zboxapp.com</span></span></div><div style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;" data-mce-style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;"><br></div><div style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;" data-mce-style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;">Correo enviado a través de</div><div style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;" data-mce-style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;"><span class="Object" id="OBJ_PREFIX_DWT3173_com_zimbra_url" style="color: #336699; cursor: pointer;" data-mce-style="color: #336699; cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT3176_com_zimbra_url" style="cursor: pointer;" data-mce-style="cursor: pointer;"><a href="http://www.zbox.cl/" target="_blank" style="color: #336699; text-decoration: none; cursor: pointer;" data-mce-href="http://www.zbox.cl/" data-mce-style="color: #336699; text-decoration: none; cursor: pointer;"><span style="color: #3366ff; font-family: arial, helvetica, sans-serif;" data-mce-style="color: #3366ff; font-family: arial, helvetica, sans-serif;"><strong>ZBox: Correo y Colaboración en la Nube</strong></span></a></span></span></div><div style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;" data-mce-style="font-size: 13px; orphans: 2; text-align: -webkit-auto; widows: 2; background-color: #fdfdfd; font-family: Arial;"><span class="Object" style="color: #336699; cursor: pointer;" data-mce-style="color: #336699; cursor: pointer;"><span class="Object" style="cursor: pointer;" data-mce-style="cursor: pointer;"><span style="color: #3366ff; font-family: arial, helvetica, sans-serif;" data-mce-style="color: #3366ff; font-family: arial, helvetica, sans-serif;"><strong><br></strong></span></span></span></div></div></div><br><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"L. Mark Stone" <lmark.stone@reliablenetworks.com><br><b>To: </b>"Barry de Graaff" <info@barrydegraaff.tk><br><b>Cc: </b>users@lists.zetalliance.org<br><b>Sent: </b>Monday, November 27, 2017 11:09:59 AM<br><b>Subject: </b>Re: [Users] Having some `brute` force log-in attempts on Zimbra<br></blockquote></div><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div>Yes, a community-vetted fail2ban setup for Zimbra would be a wonderful addition!</div><br><div><div>___________________________________________________________</div><div><strong>A Message From...  L. Mark Stone, General Manager</strong></div><div><strong></strong><br></div><div><img src="cid:d598b4953bcfa8ddf5c95beea01a6940cdd60260@zimbra"></div><div><div><span style="font-size: small;"><em>"Uptime.  All the time." </em><span style="font-size: medium;">®    <span style="color: #999999; font-size: small;"><a href="http://www.reliablenetworks.com" target="_blank">www.reliablenetworks.com</a></span></span></span></div><p style="margin: 0px;"><i style="color: rgb(255, 102, 0); background-color: rgb(255, 255, 255); font-size: small; text-decoration: underline;"></i><br></p><p style="margin: 0px;"><i style="color: #ff6600; background-color: #ffffff; font-size: small; text-decoration: underline;">Fifteen Years In Business!  2003 - 2017!</i></p><p style="margin: 0px;"><span style="font-size: small;"><br></span><span style="color: #333333; font-size: small;"><span style="font-size: small;">477 Congress Street, Suite 812</span>   |   Portland, ME 04101   |   (<a href="callto:+1207%29%20772-5678" target="_blank">207) 772-5678</a></span></p><div><span style="font-size: small;"> </span></div><div><span style="font-size: small;"><span style="font-size: small;"><span style="color: #ff6600;">Citrix XenApp/XenDesktop Hosting</span>  |  <span style="color: #ff6600;">SOC 2 Type II Audit </span><br><span style="color: #ff6600;"><i>Zimbra</i></span><span style="color: #ff6600;"> Groupware</span>  |  <span style="color: #ff6600;">Mission-Critical Cl</span><span style="color: #ff6600;">oud Hosting  </span><br></span></span></div><br><div><span style="font-size: small;">This email may contain information that is privileged and confidential.<br>If you suspect that you were not intended to receive it, please delete<br>it and notify us as soon as possible. Thank you.</span></div></div></div><br><hr id="zwchr"><div><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Barry de Graaff" <info@barrydegraaff.tk><br><b>To: </b>"andreas wolske" <andreas.wolske@managedhosting.de><br><b>Cc: </b>users@lists.zetalliance.org<br><b>Sent: </b>Monday, November 27, 2017 8:45:21 AM<br><b>Subject: </b>Re: [Users] Having some `brute` force log-in attempts on Zimbra<br></blockquote></div><div><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;">Yes please, and can I put them on <br>https://github.com/Zimbra-Community/zimbra-tools ?<br><br>Kind regards, <br><br>Barry de Graaff<br>Zeta Alliance <br>Co-founder & Developer<br>zetalliance.org | github.com/Zimbra-Community<br><br>+31 617 220 227<br>Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0<br><br>----- Original Message -----<br>From: "Andreas Wolske" <andreas.wolske@managedhosting.de><br>To: users@lists.zetalliance.org<br>Sent: Monday, November 27, 2017 2:23:52 PM<br>Subject: Re: [Users] Having some `brute` force log-in attempts on Zimbra<br><br>Hi Barry,<br><br>Am 27.11.2017 um 14:07 schrieb Barry de Graaff:<br>> Hello Folks,<br>> <br>> I am seeing some subtle brute force log-in attempts on the Alliance mailserver.<br>> <br>> Every hour or so, someone from different locations in Brazil is trying to log onto<br>> our server. And it does not seem to be a normal user with a wrong password or so.<br>> <br>> What do you guys use to mitigate these? Should I add some fail2ban?<br><br>We use composite DROP (Don't route or peer) Lists for iptables and<br>a customized fail2ban setup tailored to meet zimbra logfile<br>configurations.<br><br>I could provide both configurations as an example.<br><br>BR<br><br>-- <br><br>Andreas Wolske<br>Geschäftsführer<br><br>------------ managedhosting.de - Enterprise Cloud Services ------------<br><br>VMware Hybrid Cloud Powered Service Provider<br>Red Hat Certified Cloud & Service Provider<br>Zimbra Gold Partner<br>FileCloud Certified Partner<br>veeam Cloud Provider<br><br>p +49 30 202364910<br>f +49 30 202364919<br>m +49 151 21258008<br><br>@ andreas.wolske@managedhosting.de<br>w https://www.managedhosting.de<br><br>Pflichtangaben nach §35a GmbHG: https://www.managedhosting.de/legal</blockquote></div></div><br></blockquote></div></div></body></html>