Question Exclude email or domain from fail2ban checking

[EnriqueR]

Server operating system version

Ubuntu 24.04.2 LTS

Plesk version and microupdate number

Plesk Obsidian 18.0.68 #2

I have a problem with a client. Every now and then, fail2ban blocks their IP because they have misconfigured email accounts on their network, which triggers the plesk-dovecot rule.

This is fine, but the problem is that the client is unable to find the email program that's causing the problem. I've tried adding their IP to the whitelist, but it keeps changing due to their ISP.

Is there a way to notify fail2ban in the plesk-dovecot rule so it doesn't block connection attempts to specific email accounts or the entire domain?

I understand the risks this could pose, but we haven't found any other solution, as we can't find any clues in the server logs to help us find the specific device or program.

 

[Sebahat.hadzhi]

Hello, @EnriqueR . Unfortunately, there's no way to exclude a particular domain/email address. Does the ISP of the user at least use the same IP range? If yes, what you might do is whitelist the whole range. Although not ideal as imposes risks, it could be a potential workaround. What else you might do is switch off the jail blocking the IP address, or increasing the number of failed attempts, but that's not advisable. I personally cannot think of a workaround that won't compromise the server security in one way or another.