Protect kopano-gateway

Guizmo

Hi,

From time to time kopano-gateway doesn’t answer anymore (IMAPS), I end by restarting the process.

After some check I noticed there was a lot of connections, most of them didn’t even try authentication, some kept trying bruteforce.

What do is the best solution to protect this ? (fail2ban, firewall rules, configuration settings, …)

Thanks !

thctlo

I use fail2ban with ufw for it on my Debian server

Here you go, what i use.

# /etc/fail2ban/filter.d/kopano-gateway.conf
#
# Fail2Ban configuration file
# Kopano Gateway : /var/log/kopano/gateway.log
#

[INCLUDES]

before = common.conf

[Definition]
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = Failed to login from <HOST> with invalid username
            Failed to login from <HOST>:[0-9]{2,5} with invalid username

ignoreregex =

[Init]

journalmatch = _SYSTEMD_UNIT=fail2ban.service

and

# /etc/fail2ban/jail.d/local-jail.conf 
[kopano-gateway]
enabled  = false
port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter   = kopano-gateway
banaction = ufw