Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Protect kopano-gateway

    Kopano Groupware Core
    2
    2
    263
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Guizmo
      Guizmo last edited by

      Hi,

      From time to time kopano-gateway doesn’t answer anymore (IMAPS), I end by restarting the process.

      After some check I noticed there was a lot of connections, most of them didn’t even try authentication, some kept trying bruteforce.

      What do is the best solution to protect this ? (fail2ban, firewall rules, configuration settings, …)

      Thanks !

      1 Reply Last reply Reply Quote 0
      • thctlo
        thctlo last edited by

        I use fail2ban with ufw for it on my Debian server

        Here you go, what i use.

        # /etc/fail2ban/filter.d/kopano-gateway.conf
        #
        # Fail2Ban configuration file
        # Kopano Gateway : /var/log/kopano/gateway.log
        #
        
        [INCLUDES]
        
        before = common.conf
        
        [Definition]
        # Option:  failregex
        # Notes.:  regex to match the password failures messages in the logfile. The
        #          host must be matched by a group named "host". The tag "<HOST>" can
        #          be used for standard IP/hostname matching and is only an alias for
        #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
        # Values:  TEXT
        #
        failregex = Failed to login from <HOST> with invalid username
                    Failed to login from <HOST>:[0-9]{2,5} with invalid username
        
        ignoreregex =
        
        [Init]
        
        journalmatch = _SYSTEMD_UNIT=fail2ban.service
        

        and

        # /etc/fail2ban/jail.d/local-jail.conf 
        [kopano-gateway]
        enabled  = false
        port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
        filter   = kopano-gateway
        banaction = ufw
        
        1 Reply Last reply Reply Quote 0
        • First post
          Last post