diff --git a/html/sogo-centos-6-mysql.html b/html/sogo-centos-6-mysql.html index dadcd0c8..372c06ec 100644 --- a/html/sogo-centos-6-mysql.html +++ b/html/sogo-centos-6-mysql.html @@ -112,7 +112,10 @@ for you, just replace MySQL username/password in this file, then it's done.
WOPort = 127.0.0.1:20000; // PID file - //WOPidFile = /var/log/sogo/sogo.log; + //WOPidFile = /var/run/sogo/sogo.log; + + // Log file + //WOLogFile = /var/log/sogo/sogo.log; // IMAP connection pool. // Your performance will slightly increase, as you won't open a new diff --git a/html/sogo-centos-6-openldap.html b/html/sogo-centos-6-openldap.html index 7563be71..471bd253 100644 --- a/html/sogo-centos-6-openldap.html +++ b/html/sogo-centos-6-openldap.html @@ -109,7 +109,10 @@ basedn, bind dn/passwordthen in this file, then it's done. WOPort = 127.0.0.1:20000; // PID file - //WOPidFile = /var/log/sogo/sogo.log; + //WOPidFile = /var/run/sogo/sogo.log; + + // Log file + //WOLogFile = /var/log/sogo/sogo.log; // IMAP connection pool. // Your performance will slightly increase, as you won't open a new diff --git a/html/upgrade.iredmail.0.9.0-0.9.1.html b/html/upgrade.iredmail.0.9.0-0.9.1.html index ceb66921..7cc99c43 100644 --- a/html/upgrade.iredmail.0.9.0-0.9.1.html +++ b/html/upgrade.iredmail.0.9.0-0.9.1.html @@ -16,6 +16,7 @@WARNING: Still working in progress, do NOT apply it.
To improve server security, we'd better block clients which have too many +failed login attempts from SOGo.
+Please append below lines in Fail2ban main config file /etc/fail2ban/jail.local
:
[SOGo]
+enabled = true
+filter = sogo-auth
+port = http, https
+# without proxy this would be:
+# port = 20000
+action = iptables-multiport[name=SOGo, port="http,https", protocol=tcp]
+logpath = /var/log/sogo/sogo.log
+
+
+Restarting Fail2ban service is required.
We have a new Fail2ban filter to help catch spam, it will scan HELO rejections in Postfix log file and invoke iptables to ban client IP address.
@@ -74,6 +91,7 @@ failregex = \[<HOST>\]: SASL (PLAIN|LOGIN) authentication failed ignoreregex = +Restarting Fail2ban service is required.
reject_null_sender
Note: this is applicable if you want to keep iRedAPD plugin reject_null_sender
but still able to send return receipt with Roundcube webmail.