Fail2Ban x Carbonio Community Edition - Carbonio General https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/ Zextras Community Discussion Board en-US Sun, 12 Apr 2026 00:02:38 +0000 wpForo 60 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-7874 Mon, 22 Apr 2024 00:21:44 +0000 @myriad 

After adding the ufw

: ERROR Found no accessible config files for 'filter.d/ufw' under /etc/fail2ban

: ERROR Unable to read the filter 'ufw'

: ERROR Errors in jail 'ufw'. Skipping...

 

 

 

]]> Carbonio General haffi https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-7874 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-7673 Fri, 29 Mar 2024 11:39:37 +0000 It seems to be working successfully for me. Here is a snippet from the F2B log:

2024-03-29 07:32:28,109 fail2ban.filter : INFO Found 113.161.72.248 - 2024-03-29 07:32:27
2024-03-29 07:32:28,109 fail2ban.filter : INFO Found 113.161.72.248 - 2024-03-29 07:32:27
2024-03-29 05:53:57,935 fail2ban.filter : INFO Found 209.85.222.202 - 2024-03-29 05:53:57
2024-03-29 05:53:57,934 fail2ban.filter : INFO Found 209.85.222.202 - 2024-03-29 05:53:57
2024-03-29 04:40:09,985 fail2ban.filter : INFO Found 217.160.213.95 - 2024-03-29 04:40:09
2024-03-29 04:40:09,985 fail2ban.filter : INFO Found 217.160.213.95 - 2024-03-29 04:40:09
2024-03-29 04:29:28,880 fail2ban.filter : INFO Found 217.160.213.95 - 2024-03-29 04:29:28
2024-03-29 04:29:28,879 fail2ban.filter : INFO Found 217.160.213.95 - 2024-03-29 04:29:28
2024-03-29 03:24:29,172 fail2ban.filter : INFO Found 27.73.161.90 - 2024-03-29 03:24:28
2024-03-29 03:24:29,172 fail2ban.filter : INFO Found 27.73.161.90 - 2024-03-29 03:24:28
2024-03-28 23:59:42,960 fail2ban.actions : NOTICE Ban 185.165.190.17
2024-03-28 23:59:42,704 fail2ban.filter : INFO Found 185.165.190.17 - 2024-03-28 23:59:42
2024-03-28 23:59:42,582 fail2ban.filter : INFO Found 185.165.190.17 - 2024-03-28 23:59:42
2024-03-28 23:59:35,612 fail2ban.filter : INFO Found 185.165.190.17 - 2024-03-28 23:59:35
2024-03-28 23:59:35,583 fail2ban.filter : INFO Found 185.165.190.17 - 2024-03-28 23:59:35
2024-03-28 23:59:35,514 fail2ban.filter : INFO Found 185.165.190.17 - 2024-03-28 23:59:35
2024-03-28 19:04:29,071 fail2ban.filter : INFO Found 199.79.63.213 - 2024-03-28 19:04:28
2024-03-28 19:04:29,090 fail2ban.filter : INFO Found 199.79.63.213 - 2024-03-28 19:04:28
2024-03-28 05:57:30,129 fail2ban.filter : INFO Found 85.215.217.236 - 2024-03-28 05:57:30
2024-03-28 05:57:30,125 fail2ban.filter : INFO Found 85.215.217.236 - 2024-03-28 05:57:30
2024-03-28 05:42:15,905 fail2ban.filter : INFO Found 85.215.217.236 - 2024-03-28 05:42:15
2024-03-28 05:42:15,904 fail2ban.filter : INFO Found 85.215.217.236 - 2024-03-28 05:42:15
2024-03-28 04:25:56,316 fail2ban.filter : INFO Found 176.102.65.146 - 2024-03-28 04:25:56
2024-03-28 04:25:56,316 fail2ban.filter : INFO Found 176.102.65.146 - 2024-03-28 04:25:56
2024-03-28 04:14:01,005 fail2ban.filter : INFO Found 209.85.219.196 - 2024-03-28 04:14:00
2024-03-28 04:14:01,004 fail2ban.filter : INFO Found 209.85.219.196 - 2024-03-28 04:14:00
2024-03-28 01:00:28,476 fail2ban.filter : INFO Found 85.215.217.236 - 2024-03-28 01:00:28
2024-03-28 01:00:28,475 fail2ban.filter : INFO Found 85.215.217.236 - 2024-03-28 01:00:28
2024-03-27 12:14:37,879 fail2ban.filter : INFO Found 35.172.137.204 - 2024-03-27 12:14:37
2024-03-27 12:14:37,878 fail2ban.filter : INFO Found 35.172.137.204 - 2024-03-27 12:14:37
2024-03-27 12:14:37,876 fail2ban.filter : INFO Found 3.95.194.109 - 2024-03-27 12:14:37
2024-03-27 12:14:37,875 fail2ban.filter : INFO Found 3.95.194.109 - 2024-03-27 12:14:37
2024-03-27 12:14:37,874 fail2ban.filter : INFO Found 3.95.194.109 - 2024-03-27 12:14:37
2024-03-27 12:14:37,873 fail2ban.filter : INFO Found 3.95.194.109 - 2024-03-27 12:14:37
2024-03-27 12:14:37,860 fail2ban.filter : INFO Found 34.229.209.11 - 2024-03-27 12:14:37
2024-03-27 12:14:37,854 fail2ban.filter : INFO Found 34.229.209.11 - 2024-03-27 12:14:37
2024-03-27 12:14:31,371 fail2ban.filter : INFO Found 3.83.193.114 - 2024-03-27 12:14:31
2024-03-27 12:14:31,370 fail2ban.filter : INFO Found 3.83.193.114 - 2024-03-27 12:14:31
2024-03-27 12:14:31,357 fail2ban.filter : INFO Found 3.91.95.234 - 2024-03-27 12:14:31
2024-03-27 12:14:31,357 fail2ban.filter : INFO Found 3.91.95.234 - 2024-03-27 12:14:31
2024-03-27 12:14:31,328 fail2ban.filter : INFO Found 54.234.127.247 - 2024-03-27 12:14:31
2024-03-27 12:14:31,328 fail2ban.filter : INFO Found 54.234.127.247 - 2024-03-27 12:14:31
2024-03-27 12:14:31,325 fail2ban.filter : INFO Found 44.201.251.164 - 2024-03-27 12:14:31

And here is the corresponding UFW log snippet:

Dec 30 23:57:38 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=54087 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:57:34 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=54087 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:57:32 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=54087 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:57:31 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=54087 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:57:30 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=54087 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:57:29 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=54087 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:57:28 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=54087 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:57:27 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=54087 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:47:14 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=45.227.254.8 DST=10.40.10.51 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=27789 DF PROTO=TCP SPT=39816 DPT=8443 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 30 23:47:08 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=45.227.254.8 DST=10.40.10.51 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=27788 DF PROTO=TCP SPT=39816 DPT=8443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Dec 30 23:47:05 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=45.227.254.8 DST=10.40.10.51 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=27787 DF PROTO=TCP SPT=39816 DPT=8443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Dec 30 23:38:55 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=45.128.232.15 DST=10.40.10.51 LEN=36 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=UDP SPT=54631 DPT=123 LEN=16
Dec 30 23:37:36 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=37229 DPT=993 WINDOW=0 RES=0x00 RST URGP=0
Dec 30 23:37:36 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=40250 DPT=993 WINDOW=0 RES=0x00 RST URGP=0
Dec 30 23:37:35 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=20097 DPT=993 WINDOW=0 RES=0x00 RST URGP=0
Dec 30 23:37:35 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=34363 DPT=993 WINDOW=0 RES=0x00 RST URGP=0
Dec 30 23:37:35 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=10317 DPT=993 WINDOW=0 RES=0x00 RST URGP=0
Dec 30 23:37:34 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=27166 DPT=993 WINDOW=0 RES=0x00 RST URGP=0
Dec 30 23:37:34 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=62940 DPT=993 WINDOW=0 RES=0x00 RST URGP=0
Dec 30 23:37:34 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=28771 DPT=993 WINDOW=0 RES=0x00 RST URGP=0
Dec 30 23:37:32 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=62234 DPT=993 WINDOW=0 RES=0x00 RST URGP=0
Dec 30 23:15:48 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=34394 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:15:32 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=34394 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:15:24 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=34394 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:15:20 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=TCP SPT=34394 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:15:18 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=34394 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:15:17 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=34394 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:15:16 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=34394 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:15:15 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=34394 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:15:14 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=34394 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 30 23:15:13 mail kernel: IN=enp0s4 OUT= MAC=00:a0:98:7c:8a:bb:00:90:0b:7a:87:36:08:00 SRC=142.116.122.113 DST=10.40.10.51 LEN=64 TOS=0x00 PREC=0x00 TTL

Unless I am missing something here, my installation seems to be working ok. Do you have your FW set up correctly as per my previous link?

]]> Carbonio General Myriad https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-7673 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-7656 Thu, 28 Mar 2024 17:16:36 +0000  

@jolmir I have used F2B for the 20+ years I have run Zimbra servers and I find it work well at stopping brute force attempts and account lockouts. Here is a typical log:

2023-12-21 10:22:57,064 fail2ban.filter         : INFO     Found 38.108.68.15 - 2023-12-21 10:22:56
2023-12-21 08:36:04,229 fail2ban.filter         : INFO     Found 182.183.169.193 - 2023-12-21 08:36:04
2023-12-21 08:29:57,123 fail2ban.filter         : INFO     Found 213.230.120.86 - 2023-12-21 08:29:57
2023-12-21 08:21:50,585 fail2ban.filter         : INFO     Found 210.196.222.34 - 2023-12-21 08:21:50
2023-12-21 08:21:50,581 fail2ban.filter         : INFO     Found 210.196.222.34 - 2023-12-21 08:21:50
2023-12-21 08:18:45,416 fail2ban.filter         : INFO     Found 185.191.54.54 - 2023-12-21 08:18:45
2023-12-21 08:13:22,170 fail2ban.filter         : INFO     Found 213.230.65.55 - 2023-12-21 08:13:22
2023-12-21 08:09:59,257 fail2ban.filter         : INFO     Found 197.211.63.117 - 2023-12-21 08:09:59
2023-12-21 08:03:08,801 fail2ban.filter         : INFO     Found 5.121.122.143 - 2023-12-21 08:03:08
2023-12-21 08:02:14,144 fail2ban.filter         : INFO     Found 5.121.122.143 - 2023-12-21 08:02:14
2023-12-21 07:30:50,066 fail2ban.filter         : INFO     Found 179.6.34.67 - 2023-12-21 07:30:50
2023-12-21 07:26:24,697 fail2ban.filter         : INFO     Found 160.155.168.175 - 2023-12-21 07:26:24
2023-12-21 07:13:19,438 fail2ban.filter         : INFO     Found 213.230.110.224 - 2023-12-21 07:13:19
2023-12-20 20:37:16,576 fail2ban.filter         : INFO     Found 178.255.222.211 - 2023-12-20 20:37:16
2023-12-20 20:37:16,575 fail2ban.filter         : INFO     Found 178.255.222.211 - 2023-12-20 20:37:16
2023-12-20 13:13:17,068 fail2ban.filter         : INFO     Found 156.215.31.48 - 2023-12-20 13:13:16
2023-12-20 13:13:17,066 fail2ban.filter         : INFO     Found 156.215.31.48 - 2023-12-20 13:13:16
2023-12-20 13:13:04,769 fail2ban.filter         : INFO     Found 156.215.31.48 - 2023-12-20 13:13:04
2023-12-20 13:13:04,769 fail2ban.filter         : INFO     Found 156.215.31.48 - 2023-12-20 13:13:04
2023-12-20 11:23:00,796 fail2ban.filter         : INFO     Found 198.61.254.30 - 2023-12-20 11:23:00
2023-12-20 11:22:35,240 fail2ban.filter         : INFO     Found 167.172.163.193 - 2023-12-20 11:22:35
2023-12-20 11:22:35,240 fail2ban.filter         : INFO     Found 167.172.163.193 - 2023-12-20 11:22:35
2023-12-20 11:15:08,658 fail2ban.filter         : INFO     Found 167.99.139.2 - 2023-12-20 11:15:08
2023-12-20 11:15:08,657 fail2ban.filter         : INFO     Found 167.99.139.2 - 2023-12-20 11:15:08
2023-12-20 09:29:45,132 fail2ban.filter         : INFO     Found 197.35.212.121 - 2023-12-20 09:29:45
2023-12-20 09:29:45,130 fail2ban.filter         : INFO     Found 197.35.212.121 - 2023-12-20 09:29:45
2023-12-20 09:29:13,177 fail2ban.filter         : INFO     Found 197.35.212.121 - 2023-12-20 09:29:13
2023-12-20 09:29:13,176 fail2ban.filter         : INFO     Found 197.35.212.121 - 2023-12-20 09:29:13
2023-12-20 09:03:28,712 fail2ban.filter         : INFO     Found 38.108.68.89 - 2023-12-20 09:03:28
2023-12-20 09:03:28,711 fail2ban.filter         : INFO     Found 38.108.68.89 - 2023-12-20 09:03:28
2023-12-20 08:57:46,176 fail2ban.filter         : INFO     Found 38.108.68.147 - 2023-12-20 08:57:46

I also maintain a list of "Known Spammers" on my Pfsense Firewall that blocks spammers ASN IP's completely. The usual suspects like smtp.dk, yandex.ru, eonix, etc.



Hi, to me this is not appening.

 

 

2024-03-28 18:11:25,833 INFO   SoapEngine - handler exception: authentication failed for , invalid password
2024-03-28 18:11:25,834 INFO   soap - AuthRequest elapsed=4
2024-03-28 18:11:25,836 INFO  [] misc - Invalid login filter, checking if this was an auth req and authentication failed.

 

i found this on mailbox.log, i don't know what "misc - Invalid login filter, checking if this was an auth req and authentication failed" means, but i think is the problem fail2ban in my case is not working. 

 

]]> Carbonio General BelluX https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-7656 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6816 Thu, 04 Jan 2024 14:18:18 +0000 @jolmir Try this revised conf:

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 10.40.10.0/24 yourdomain.ca someip/32 someip/32 
# "bantime" is the number of seconds that a host is banned.
bantime = 600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3
banaction = ufw
banaction_allports = ufw


enabled = true
filter  = ufw
logpath = /var/log/ufw.log

# Carbonio Jails.


enabled = true
filter = carbonio
action = iptables-allports
#sendmail
logpath = /opt/zextras/log/mailbox.log
bantime = 600
maxretry = 5


enabled = true
filter = carbonio
action = iptables-allports
#sendmail
logpath = /opt/zextras/log/audit.log
bantime = 600
maxretry = 5


enabled = true
filter = carbonio
action = iptables-allports
#sendmail
logpath = /var/log/carbonio.log
bantime = 172800
maxretry = 5


enabled = true
filter = postfix
action = iptables-multiport
#sendmail-buffered
logpath = /var/log/carbonio.log
bantime = 172800
maxretry = 5

The previous example was missing the section. Check out my Complete Guide for more info.

]]> Carbonio General Myriad https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6816 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6780 Sat, 30 Dec 2023 19:40:54 +0000 Does anyone have the fail2ban configuration for Carbonio CE? that you can provide to stop attacks against the server that end up intentionally blocking accounts

]]> Carbonio General jolmir https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6780 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6712 Sat, 23 Dec 2023 22:06:58 +0000 @myriad thanks for sharing, I used your configuration shared above but I can't block any failed attempts I used this command but it doesn't mark any matches fail2ban-regex /opt/zextras/log/mailbox.log /etc/fail2ban/filter.d/carbonio.conf  and also to this other file and likewise no match /opt/zextras/log/audit.log /etc/fail2ban/filter.d/carbonio.conf both mailbox.log and audit.log log the following when there is a failed attempt

 

# fail2ban-regex /opt/zextras/log/audit.log /etc/fail2ban/filter.d/carbonio.conf

Running tests
=============

Use failregex filter file : carbonio, basedir: /etc/fail2ban
Use log file : /opt/zextras/log/audit.log
Use encoding : UTF-8


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- date format
| {^LN-BEG}ExYear(?P<_sep>)Month(?P=_sep)Day(?:T| ?)24hour:Minute:Second(?:Microseconds)?(?:\s*Zone offset)?
`-

Lines: 276 lines, 0 ignored, 0 matched, 276 missed


Missed line(s): too many to print. Use --print-all-missed to print all 276 lines

 

# fail2ban-regex /opt/zextras/log/mailbox.log /etc/fail2ban/filter.d/carbonio.conf

Running tests
=============

Use failregex filter file : carbonio, basedir: /etc/fail2ban
Use log file : /opt/zextras/log/mailbox.log
Use encoding : UTF-8


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- date format
| {^LN-BEG}ExYear(?P<_sep>)Month(?P=_sep)Day(?:T| ?)24hour:Minute:Second(?:Microseconds)?(?:\s*Zone offset)?
`-

Lines: 5198 lines, 0 ignored, 0 matched, 5198 missed


Missed line(s): too many to print. Use --print-all-missed to print all 5198 lines

When there is a failed login attempt the following files contain the following

mailbox.log 

INFO SoapEngine - handler exception: authentication failed for , invalid password

2023-12-23 15:15:26,216 WARN security - cmd=Auth; account=*@*; protocol=soap; error=authentication failed for , account(or domain) status is locked;

audit.log

WARN security - cmd=Auth; account=*@*; protocol=soap; error=authentication failed for , invalid password;

2023-12-23 14:16:09,140 INFO security - cmd=AdminAuth; account=*;

How could I correct the filter to match? Thanks in advance for the help

]]> Carbonio General jolmir https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6712 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6701 Fri, 22 Dec 2023 10:59:03 +0000  

@jolmir I have used F2B for the 20+ years I have run Zimbra servers and I find it work well at stopping brute force attempts and account lockouts. Here is a typical log:

2023-12-21 10:22:57,064 fail2ban.filter         : INFO     Found 38.108.68.15 - 2023-12-21 10:22:56
2023-12-21 08:36:04,229 fail2ban.filter         : INFO     Found 182.183.169.193 - 2023-12-21 08:36:04
2023-12-21 08:29:57,123 fail2ban.filter         : INFO     Found 213.230.120.86 - 2023-12-21 08:29:57
2023-12-21 08:21:50,585 fail2ban.filter         : INFO     Found 210.196.222.34 - 2023-12-21 08:21:50
2023-12-21 08:21:50,581 fail2ban.filter         : INFO     Found 210.196.222.34 - 2023-12-21 08:21:50
2023-12-21 08:18:45,416 fail2ban.filter         : INFO     Found 185.191.54.54 - 2023-12-21 08:18:45
2023-12-21 08:13:22,170 fail2ban.filter         : INFO     Found 213.230.65.55 - 2023-12-21 08:13:22
2023-12-21 08:09:59,257 fail2ban.filter         : INFO     Found 197.211.63.117 - 2023-12-21 08:09:59
2023-12-21 08:03:08,801 fail2ban.filter         : INFO     Found 5.121.122.143 - 2023-12-21 08:03:08
2023-12-21 08:02:14,144 fail2ban.filter         : INFO     Found 5.121.122.143 - 2023-12-21 08:02:14
2023-12-21 07:30:50,066 fail2ban.filter         : INFO     Found 179.6.34.67 - 2023-12-21 07:30:50
2023-12-21 07:26:24,697 fail2ban.filter         : INFO     Found 160.155.168.175 - 2023-12-21 07:26:24
2023-12-21 07:13:19,438 fail2ban.filter         : INFO     Found 213.230.110.224 - 2023-12-21 07:13:19
2023-12-20 20:37:16,576 fail2ban.filter         : INFO     Found 178.255.222.211 - 2023-12-20 20:37:16
2023-12-20 20:37:16,575 fail2ban.filter         : INFO     Found 178.255.222.211 - 2023-12-20 20:37:16
2023-12-20 13:13:17,068 fail2ban.filter         : INFO     Found 156.215.31.48 - 2023-12-20 13:13:16
2023-12-20 13:13:17,066 fail2ban.filter         : INFO     Found 156.215.31.48 - 2023-12-20 13:13:16
2023-12-20 13:13:04,769 fail2ban.filter         : INFO     Found 156.215.31.48 - 2023-12-20 13:13:04
2023-12-20 13:13:04,769 fail2ban.filter         : INFO     Found 156.215.31.48 - 2023-12-20 13:13:04
2023-12-20 11:23:00,796 fail2ban.filter         : INFO     Found 198.61.254.30 - 2023-12-20 11:23:00
2023-12-20 11:22:35,240 fail2ban.filter         : INFO     Found 167.172.163.193 - 2023-12-20 11:22:35
2023-12-20 11:22:35,240 fail2ban.filter         : INFO     Found 167.172.163.193 - 2023-12-20 11:22:35
2023-12-20 11:15:08,658 fail2ban.filter         : INFO     Found 167.99.139.2 - 2023-12-20 11:15:08
2023-12-20 11:15:08,657 fail2ban.filter         : INFO     Found 167.99.139.2 - 2023-12-20 11:15:08
2023-12-20 09:29:45,132 fail2ban.filter         : INFO     Found 197.35.212.121 - 2023-12-20 09:29:45
2023-12-20 09:29:45,130 fail2ban.filter         : INFO     Found 197.35.212.121 - 2023-12-20 09:29:45
2023-12-20 09:29:13,177 fail2ban.filter         : INFO     Found 197.35.212.121 - 2023-12-20 09:29:13
2023-12-20 09:29:13,176 fail2ban.filter         : INFO     Found 197.35.212.121 - 2023-12-20 09:29:13
2023-12-20 09:03:28,712 fail2ban.filter         : INFO     Found 38.108.68.89 - 2023-12-20 09:03:28
2023-12-20 09:03:28,711 fail2ban.filter         : INFO     Found 38.108.68.89 - 2023-12-20 09:03:28
2023-12-20 08:57:46,176 fail2ban.filter         : INFO     Found 38.108.68.147 - 2023-12-20 08:57:46

I also maintain a list of "Known Spammers" on my Pfsense Firewall that blocks spammers ASN IP's completely. The usual suspects like smtp.dk, yandex.ru, eonix, etc.

]]> Carbonio General Myriad https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6701 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6700 Fri, 22 Dec 2023 10:45:56 +0000 Carbonio General Myriad https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6700 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6695 Fri, 22 Dec 2023 00:37:30 +0000 @sharif I am currently using Carbonio's DoS Filter with the following configuration

carbonio prov modifyConfig zimbraInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating 180

carbonio prov modifyConfig zimbraInvalidLoginFilterReinstateIpTaskIntervalInMin 60

carbonio prov modifyConfig zimbraInvalidLoginFilterMaxFailedLogin 1

trying to contain the constant brute force attacks since they make an attempt every 5 minutes from a different IP that is never repeated and the account blocking is constant, I have tried setting zimbraInvalidLoginFilterMaxFailedLogin to zero but it doesn't work either, how could I try to block if Does the IP change with each attempt?

 

 

]]> Carbonio General jolmir https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6695 RE: Fail2Ban x Carbonio Community Edition https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6694 Fri, 22 Dec 2023 00:30:50 +0000 Carbonio General jolmir https://community.zextras.com/forum/carbonio-general-thread/fail2ban-x-carbonio-community-edition/#post-6694