ClearOS Bug Tracker


View Revisions: Issue #22261 Back to Issue ]
Summary 0022261: Cyrus-imap jail does not protect POP/POPS
Revision 2018-11-07 02:32 by NickH
Description It looks like there is an upstream bug with the curus-imap protection. Cyrus-imap provided POP and IMAP services. In fail2ban, the filter /etc/fail2ban/filter.d/cyrus-imap.conf detects failed POP, POPS, IMAP and IMAPS logins, but the jail is constructed with the line:
port = imap,imaps

So when a ban is triggered, only the IMAP and IMAPS ports are blocked leaving you still open on POP/POPS

It should be simple to drop our own override into /etc/fail2ban/jail.d/clearos-cyrus-imap.conf just by adding the line:
port = imap,imaps,pop3,pop3s
Revision 2018-11-07 03:13 by NickH
Description It looks like there is an upstream bug with the curus-imap protection. Cyrus-imap provided POP and IMAP services. In fail2ban, the filter /etc/fail2ban/filter.d/cyrus-imap.conf detects failed POP, POPS, IMAP and IMAPS logins, but the jail is constructed with the line:
port = imap,imaps

So when a ban is triggered, only the IMAP and IMAPS ports are blocked leaving you still open on POP/POPS

It should be simple to drop our own override into /etc/fail2ban/jail.d/clearos-cyrus-imap.conf just by adding the line:
port = imap,imaps,pop3,pop3s

This bug also relates to https://tracker.clearos.com/view.php?id=9551 [^]