• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Exclude email or domain from fail2ban checking

EnriqueR

Regular Pleskian
Server operating system version
Ubuntu 24.04.2 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.68 #2
I have a problem with a client. Every now and then, fail2ban blocks their IP because they have misconfigured email accounts on their network, which triggers the plesk-dovecot rule.

This is fine, but the problem is that the client is unable to find the email program that's causing the problem. I've tried adding their IP to the whitelist, but it keeps changing due to their ISP.

Is there a way to notify fail2ban in the plesk-dovecot rule so it doesn't block connection attempts to specific email accounts or the entire domain?

I understand the risks this could pose, but we haven't found any other solution, as we can't find any clues in the server logs to help us find the specific device or program.
 
Hello, @EnriqueR . Unfortunately, there's no way to exclude a particular domain/email address. Does the ISP of the user at least use the same IP range? If yes, what you might do is whitelist the whole range. Although not ideal as imposes risks, it could be a potential workaround. What else you might do is switch off the jail blocking the IP address, or increasing the number of failed attempts, but that's not advisable. I personally cannot think of a workaround that won't compromise the server security in one way or another.
 
Back
Top