Fail2Ban on Zimbra 8.8 with Centos 7

[Peter Parker]

Hi guys,

I’m having a multi-server Zimbra environment as follow: 1 LDAP + 2 MTA + 2 MAILBOX + 1 PROXY.

I’m setting Fail2Ban on Zimbra 8.8 with Centos 7 to prevent the brute force attacks.

I’m following this article http://linux-sys-adm.com/how-to-configu ... p-by-step/. But, I am seeing that this post only working for a single server environment. Let me explain to you.

These logs are stored at Mailbox Server.
[zimbra-account]

enabled = true
filter = zimbra
action = iptables-allports[name=Zimbra-account]
sendmail[name=Zimbra-account, dest=mslavov@linux-sys-adm.com]
logpath = /opt/zimbra/log/mailbox.log
bantime = -1
maxretry = 4

[zimbra-audit]

enabled = true
filter = zimbra
action = iptables-allports[name=Zimbra-audit]
sendmail[name=Zimbra-audit, dest=mslavov@linux-sys-adm.com]
logpath = /opt/zimbra/log/audit.log
bantime = -1
maxretry = 2

This log is being stored at MTA Server.

[postfix]

enabled = true
filter = postfix
action = iptables-multiport[name=Postfix, port=smtp, protocol=tcp]
sendmail-buffered[name=Postfix, dest=mslavov@linux-sys-adm.com]
logpath = /var/log/maillog
bantime = -1
maxretry = 5

So, can I ask you the question?

Can you please let me know where is being installed Fail2Ban? MTA or Mailbox or both on 2 servers? I have read every article on setting up Fail2Ban and they are all different.

Can you please share for me these Fail2Ban configuration files as ( /etc/fail2ban/jail.conf, /etc/fail2ban/filter.d/zimbra.conf, and /etc/fail2ban/action.d/iptables-allports.conf) are working on multi server environment?