>Many James services behind a proxy should need only one filter at proxy level. No need to install fail2ban on every service.
>Is it best practice to store all logs to database and configure proxy services to look them? Vào 23:02, T.7, 4 Th3, 2023 Huy Van <huymik...@gmail.com> đã viết: > Many James services behind a proxy should need only one filter at proxy > level. No need to install fail2ban on every service. > > Vào 22:21, T.7, 4 Th3, 2023 Benoit TELLIER <btell...@linagora.com> đã > viết: > >> James 3.8.0 will support the proxy protocol. Source IP is preserved, >> exposed in the MDC logging context. This might demand to set up rich logs. >> >> This should allow setting up fail2ban behind a proxy. >> >> -- >> >> Best regards, >> >> Benoit TELLIER >> >> General manager of Linagora VIETNAM. >> Product owner for Team-Mail product. >> Chairman of the Apache James project. >> >> Mail: btell...@linagora.com >> Tel: (0033) 6 77 25 04 58 (WhatsApp, Signal) >> >> >> ------- Forwarded message ------- >> Subject: Re: DDoS and DoS protection >> Date: Mar 4, 2023 10:07 PM >> From: Huy Van >> To: James Users List >> Hi, >> >> Fail2ban seems not to be effective when working behind a load balancer. >> This may require to store incoming IP and log on an in-memory database >> such >> as Redis or any thing similar. >> >> Best regards, >> Huy Van >> >> Vào 23:48, T.6, 3 Th3, 2023 Benoit TELLIER <btell...@linagora.com> đã >> viết: >> >> > Concerning JMAP protocol, if by any chance you jumped on that boat, the >> > use of any serious API gateway in front of the HTTP endpoint would offer >> > this for free. >> > >> > Very true for IMAP + SMTP. Fail2ban is the go to solution for now. >> > Structured logging might be required to get the client ip address. >> > >> > Best regards, >> > >> > Benoit >> > >> > >> > On Mar 3, 2023 9:43 PM, from David Matthews >Does Apache James provide >> any >> > best practice for DDoS/DoS protection? I mean >> > >it is at application level. >> > > >> > >> > fail2ban can be very effective with a mail exchanger. >> > >> > There are some notes here >> > >> > https://dmatthews.org/webmail.html#fail2ban >> > >> > but there it's being used with exim4. >> > >> > So you would have to study your log file, decide what you want to keep >> out >> > and then write a fail2ban filter to suit, so you'd have a fair bit of >> work >> > to do to get it operational. >> > >> > -- >> > David Matthews >> > m...@dmatthews.org >> > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >> > For additional commands, e-mail: server-user-h...@james.apache.org >> > >> > >> > >> > >> > >> > >> > -- >> > >> > Best regards, >> > >> > >> > >> > Benoit TELLIER >> > >> > >> > >> > General manager of Linagora VIETNAM. >> > >> > Product owner for Team-Mail product. >> > >> > Chairman of the Apache James project. >> > >> > >> > >> > Mail: btell...@linagora.com >> > >> > Tel: (0033) 6 77 25 04 58 (WhatsApp, Signal) >> > >> >
