James 3.8.0 will support the proxy protocol. Source IP is preserved, exposed in the MDC logging context. This might demand to set up rich logs.
This should allow setting up fail2ban behind a proxy. -- Best regards, Benoit TELLIER General manager of Linagora VIETNAM. Product owner for Team-Mail product. Chairman of the Apache James project. Mail: [email protected] Tel: (0033) 6 77 25 04 58 (WhatsApp, Signal) ------- Forwarded message ------- Subject: Re: DDoS and DoS protection Date: Mar 4, 2023 10:07 PM From: Huy Van To: James Users List Hi, Fail2ban seems not to be effective when working behind a load balancer. This may require to store incoming IP and log on an in-memory database such as Redis or any thing similar. Best regards, Huy Van Vào 23:48, T.6, 3 Th3, 2023 Benoit TELLIER <[email protected]> đã viết: > Concerning JMAP protocol, if by any chance you jumped on that boat, the > use of any serious API gateway in front of the HTTP endpoint would offer > this for free. > > Very true for IMAP + SMTP. Fail2ban is the go to solution for now. > Structured logging might be required to get the client ip address. > > Best regards, > > Benoit > > > On Mar 3, 2023 9:43 PM, from David Matthews >Does Apache James provide any > best practice for DDoS/DoS protection? I mean > >it is at application level. > > > > fail2ban can be very effective with a mail exchanger. > > There are some notes here > > https://dmatthews.org/webmail.html#fail2ban > > but there it's being used with exim4. > > So you would have to study your log file, decide what you want to keep out > and then write a fail2ban filter to suit, so you'd have a fair bit of work > to do to get it operational. > > -- > David Matthews > [email protected] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > > > > > -- > > Best regards, > > > > Benoit TELLIER > > > > General manager of Linagora VIETNAM. > > Product owner for Team-Mail product. > > Chairman of the Apache James project. > > > > Mail: [email protected] > > Tel: (0033) 6 77 25 04 58 (WhatsApp, Signal) >
