Anonymous | Login | 2024-11-23 02:40 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Revisions: Issue #22261 | [ Back to Issue ] | ||
Summary | 0022261: Cyrus-imap jail does not protect POP/POPS | ||
Revision | 2018-11-07 02:32 by NickH | ||
Description | It looks like there is an upstream bug with the curus-imap protection. Cyrus-imap provided POP and IMAP services. In fail2ban, the filter /etc/fail2ban/filter.d/cyrus-imap.conf detects failed POP, POPS, IMAP and IMAPS logins, but the jail is constructed with the line: port = imap,imaps So when a ban is triggered, only the IMAP and IMAPS ports are blocked leaving you still open on POP/POPS It should be simple to drop our own override into /etc/fail2ban/jail.d/clearos-cyrus-imap.conf just by adding the line: port = imap,imaps,pop3,pop3s |
||
Revision | 2018-11-07 03:13 by NickH | ||
Description | It looks like there is an upstream bug with the curus-imap protection. Cyrus-imap provided POP and IMAP services. In fail2ban, the filter /etc/fail2ban/filter.d/cyrus-imap.conf detects failed POP, POPS, IMAP and IMAPS logins, but the jail is constructed with the line: port = imap,imaps So when a ban is triggered, only the IMAP and IMAPS ports are blocked leaving you still open on POP/POPS It should be simple to drop our own override into /etc/fail2ban/jail.d/clearos-cyrus-imap.conf just by adding the line: port = imap,imaps,pop3,pop3s This bug also relates to https://tracker.clearos.com/view.php?id=9551 [^] |