Hi, Fail2ban seems not to be effective when working behind a load balancer. This may require to store incoming IP and log on an in-memory database such as Redis or any thing similar.
Best regards, Huy Van Vào 23:48, T.6, 3 Th3, 2023 Benoit TELLIER <[email protected]> đã viết: > Concerning JMAP protocol, if by any chance you jumped on that boat, the > use of any serious API gateway in front of the HTTP endpoint would offer > this for free. > > Very true for IMAP + SMTP. Fail2ban is the go to solution for now. > Structured logging might be required to get the client ip address. > > Best regards, > > Benoit > > > On Mar 3, 2023 9:43 PM, from David Matthews >Does Apache James provide any > best practice for DDoS/DoS protection? I mean > >it is at application level. > > > > fail2ban can be very effective with a mail exchanger. > > There are some notes here > > https://dmatthews.org/webmail.html#fail2ban > > but there it's being used with exim4. > > So you would have to study your log file, decide what you want to keep out > and then write a fail2ban filter to suit, so you'd have a fair bit of work > to do to get it operational. > > -- > David Matthews > [email protected] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > > > > > -- > > Best regards, > > > > Benoit TELLIER > > > > General manager of Linagora VIETNAM. > > Product owner for Team-Mail product. > > Chairman of the Apache James project. > > > > Mail: [email protected] > > Tel: (0033) 6 77 25 04 58 (WhatsApp, Signal) >
