From fa698fc4ab5f97dc14abb3dc8b24fb388dd8af70 Mon Sep 17 00:00:00 2001
From: Zhang Huangbin
Date: Mon, 12 Dec 2016 22:34:15 +0800
Subject: [PATCH] Sync iRedMail upgrade tutorial.
---
.../0-upgrade.iredmail.0.9.5.1-0.9.6.md | 25 ++++++++++++++++++
html/upgrade.iredmail.0.9.5.1-0.9.6.html | 26 +++++++++++++++++++
2 files changed, 51 insertions(+)
diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md b/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md
index 836e35bf..bc6b1636 100644
--- a/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md
+++ b/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md
@@ -17,6 +17,7 @@
## ChangeLog
+* Dec 12, 2016: Improve Fail2ban filter regular expression to catch more POP3/IMAP spams
* Nov 9, 2016: Fixed: Memcached listens on all available IP addresses instead of `127.0.0.1`
* Nov 9, 2016: Fixed: not allow access to '/.well-known/' in Nginx
* Nov 1, 2016: Fixed: invalid default (datetime) value for some SQL columns in 'vmail' database.
@@ -312,6 +313,30 @@ Then restart memcached service:
rcctl restart memcached
```
+### Improve Fail2ban filter regular expression to catch more POP3/IMAP spams
+
+> This step is applicable to Linux system.
+
+We have one new Fail2ban filter regular expression to catch unauth clients
+which generates log like below:
+
+> Dec 11 16:49:41 imap-login: Info: Disconnected (auth failed, 1 attempts in
+> 2 secs): user=, method=PLAIN, rip=212.8.246.222,
+> lip=10.11.12.13, TLS: Disconnected, session=
+
+Steps:
+
+* On Linux:
+
+```
+cd /etc/fail2ban/filter.d/
+rm -f dovecot.iredmail.conf
+wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/dovecot.iredmail.conf
+service fail2ban reload
+```
+
+* On FreeBSD and OpenBSD, we don't have Fail2ban configured, so not applicable.
+
## OpenLDAP backend special
### Fixed: mail accounts (user, alias, list) are still active when domain is disabled
diff --git a/html/upgrade.iredmail.0.9.5.1-0.9.6.html b/html/upgrade.iredmail.0.9.5.1-0.9.6.html
index 6a961758..94ba7ee8 100644
--- a/html/upgrade.iredmail.0.9.5.1-0.9.6.html
+++ b/html/upgrade.iredmail.0.9.5.1-0.9.6.html
@@ -38,6 +38,7 @@
Fixed: Nginx doesn't forward real client IP address to SOGo
Fixed: SOGo-3.1.3 (and later releases) changed argument used by sogo-tool command
Fixed: Memcached listens on all available IP addresses instead of 127.0.0.1
+Improve Fail2ban filter regular expression to catch more POP3/IMAP spams
OpenLDAP backend special
ChangeLog
+- Dec 12, 2016: Improve Fail2ban filter regular expression to catch more POP3/IMAP spams
- Nov 9, 2016: Fixed: Memcached listens on all available IP addresses instead of
127.0.0.1
- Nov 9, 2016: Fixed: not allow access to '/.well-known/' in Nginx
- Nov 1, 2016: Fixed: invalid default (datetime) value for some SQL columns in 'vmail' database.
@@ -337,6 +339,30 @@ to the IP address of your jail.
rcctl restart memcached
+Improve Fail2ban filter regular expression to catch more POP3/IMAP spams
+
+This step is applicable to Linux system.
+
+We have one new Fail2ban filter regular expression to catch unauth clients
+which generates log like below:
+
+Dec 11 16:49:41 imap-login: Info: Disconnected (auth failed, 1 attempts in
+2 secs): user=admin@example.net, method=PLAIN, rip=212.8.246.222,
+lip=10.11.12.13, TLS: Disconnected, session=
+
+Steps:
+
+cd /etc/fail2ban/filter.d/
+rm -f dovecot.iredmail.conf
+wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/dovecot.iredmail.conf
+service fail2ban reload
+
+
+
+- On FreeBSD and OpenBSD, we don't have Fail2ban configured, so not applicable.
+
OpenLDAP backend special
Fixed: mail accounts (user, alias, list) are still active when domain is disabled