Many James services behind a proxy should need only one filter at proxy level. No need to install fail2ban on every service.
Vào 22:21, T.7, 4 Th3, 2023 Benoit TELLIER <btell...@linagora.com> đã viết: > James 3.8.0 will support the proxy protocol. Source IP is preserved, > exposed in the MDC logging context. This might demand to set up rich logs. > > This should allow setting up fail2ban behind a proxy. > > -- > > Best regards, > > Benoit TELLIER > > General manager of Linagora VIETNAM. > Product owner for Team-Mail product. > Chairman of the Apache James project. > > Mail: btell...@linagora.com > Tel: (0033) 6 77 25 04 58 (WhatsApp, Signal) > > > ------- Forwarded message ------- > Subject: Re: DDoS and DoS protection > Date: Mar 4, 2023 10:07 PM > From: Huy Van > To: James Users List > Hi, > > Fail2ban seems not to be effective when working behind a load balancer. > This may require to store incoming IP and log on an in-memory database such > as Redis or any thing similar. > > Best regards, > Huy Van > > Vào 23:48, T.6, 3 Th3, 2023 Benoit TELLIER <btell...@linagora.com> đã > viết: > > > Concerning JMAP protocol, if by any chance you jumped on that boat, the > > use of any serious API gateway in front of the HTTP endpoint would offer > > this for free. > > > > Very true for IMAP + SMTP. Fail2ban is the go to solution for now. > > Structured logging might be required to get the client ip address. > > > > Best regards, > > > > Benoit > > > > > > On Mar 3, 2023 9:43 PM, from David Matthews >Does Apache James provide > any > > best practice for DDoS/DoS protection? I mean > > >it is at application level. > > > > > > > fail2ban can be very effective with a mail exchanger. > > > > There are some notes here > > > > https://dmatthews.org/webmail.html#fail2ban > > > > but there it's being used with exim4. > > > > So you would have to study your log file, decide what you want to keep > out > > and then write a fail2ban filter to suit, so you'd have a fair bit of > work > > to do to get it operational. > > > > -- > > David Matthews > > m...@dmatthews.org > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > > For additional commands, e-mail: server-user-h...@james.apache.org > > > > > > > > > > > > > > -- > > > > Best regards, > > > > > > > > Benoit TELLIER > > > > > > > > General manager of Linagora VIETNAM. > > > > Product owner for Team-Mail product. > > > > Chairman of the Apache James project. > > > > > > > > Mail: btell...@linagora.com > > > > Tel: (0033) 6 77 25 04 58 (WhatsApp, Signal) > > >
