• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved does fail2ban for webmail bring added value?

Linulex

Linulex

Silver Pleskian
Fail2ban takes cpu cycles that websites can't use, so there is no point in having unneeded fail2ban jails.
This made we wonder:

is there a point to fail2ban-roundcube and fail2ban-horde? we also use mod_evasive.

As i see it:
- scripts that try to "guess" passwords will be banned by the imap jail
- scripts that try and try will be stopped by mod_evasive

fail2ban-webmail stops it earlier then imap, that is true.
But it also prevents legitimate users that made a mistake from reaching there website, and it doesn't close the imap port.

Or am i missing something?

regards
Jan
 
Last edited:
It really all depends on what your needs are. I have it enabled but I don't have much email user traffic since most of my emails is handled differently. All point of the jails is to prevent someone from trying to use brute force methods of trying to log in. Fail2Ban looks at the logs to see the number of tries and will automatically temp ban or even perma ban based off of the settings you've set. If you think 5 tries (which is default) is too little, feel free to edit the rule to make it bigger, if you think 5 tries is too much, feel free to make it smaller. If you don't think it's needed, feel free to turn off that jail.

In terms of blocking the IMAP port, that's not what it does, it just bans the IP by blocking that IP from accessing whatever the port is for the web mail service of choice. If you don't want anyone to access the IMAP port then you will need to block it through the firewall.
 
I know how fail2ban works. And i found the answer myself:

Yes they are needed. imap registers these logins as coming from [::1] (localhost), and localhost is whitelisted so hackers/scriptkiddies/password guessers that try via a webmail will never get banned.

regards
Jan
 
You must log in or register to reply here.

Similar threads

T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
3K
Bitpalast
Bitpalast
claxman
Issue Anacron job 'cron.daily' on server.domain (Fail2Ban Automatic Closing Problem)
Replies
17
Views
3K
Hiljo_Lodewijk
H
michaeljoseph01
Question Imunify360 or fail2ban PLEASE give me your input
Replies
6
Views
4K
The 8th
The 8th
learning_curve
Resolved Fail2Ban IPv6 banning in Obsidian. Correct Plesk Configuration?
Replies
4
Views
4K
Guido
G
WebHostingAce
Input Magento 2 | Plesk | Varnish Setup in a Docker
Replies
1
Views
6K
WebHostingAce
WebHostingAce
Back
Top