Protect kopano-gateway



  • Hi,

    From time to time kopano-gateway doesn’t answer anymore (IMAPS), I end by restarting the process.

    After some check I noticed there was a lot of connections, most of them didn’t even try authentication, some kept trying bruteforce.

    What do is the best solution to protect this ? (fail2ban, firewall rules, configuration settings, …)

    Thanks !



  • I use fail2ban with ufw for it on my Debian server

    Here you go, what i use.

    # /etc/fail2ban/filter.d/kopano-gateway.conf
    #
    # Fail2Ban configuration file
    # Kopano Gateway : /var/log/kopano/gateway.log
    #
    
    [INCLUDES]
    
    before = common.conf
    
    [Definition]
    # Option:  failregex
    # Notes.:  regex to match the password failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
    # Values:  TEXT
    #
    failregex = Failed to login from <HOST> with invalid username
                Failed to login from <HOST>:[0-9]{2,5} with invalid username
    
    ignoreregex =
    
    [Init]
    
    journalmatch = _SYSTEMD_UNIT=fail2ban.service
    

    and

    # /etc/fail2ban/jail.d/local-jail.conf 
    [kopano-gateway]
    enabled  = false
    port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
    filter   = kopano-gateway
    banaction = ufw
    

Log in to reply