How to Implement Fail2Ban in Postfix Mail Server on Ubuntu 22.04

Introduction

Running a mail server without protection is risky because hackers and spammers constantly try to brute-force user passwords.
Fail2Ban is a security tool that automatically blocks suspicious IPs after too many failed login attempts.
In this guide, we will integrate Fail2Ban with Postfix on Ubuntu 22.04 step by step.

What is Fail2Ban?

Fail2Ban is an intrusion prevention tool that monitors log files for suspicious activity.
If it detects too many failed attempts, it blocks the IP address using the system firewall (UFW or iptables).
It is commonly used to protect SSH, Postfix, Dovecot, and other services.

Step 1: Install Fail2Ban

sudo apt update
sudo apt install -y fail2ban

Step 2: Enable and Start Fail2Ban

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Check status:

sudo systemctl status fail2ban

Step 3: Configure Fail2Ban for Postfix

Fail2Ban uses jail files to define what service to protect.
Copy the default configuration:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the jail.local file:

sudo nano /etc/fail2ban/jail.local

Add configuration for Postfix and Dovecot:

[postfix]
enabled = true
port    = smtp,ssmtp,submission
filter  = postfix
logpath = /var/log/mail.log
maxretry = 5
bantime = 3600

[dovecot]
enabled = true
port    = pop3,pop3s,imap,imaps,submission,465,smtp
filter  = dovecot
logpath = /var/log/mail.log
maxretry = 5
bantime = 3600

  • maxretry = 5 → Block IP after 5 failed attempts.
  • bantime = 3600 → Ban for 1 hour (3600 seconds).
  • logpath → Fail2Ban reads Postfix/Dovecot logs for failed logins.
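
To make the maxretry and bantime settings above concrete, here is an added example (not part of the original guide and not Fail2Ban's own code) that models a jail's ban decision over constructed mail.log lines. The regex is a simplified stand-in for the shipped postfix filter, and findtime (a real Fail2Ban setting that this guide does not set) is assumed to be 600 seconds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for a Postfix SASL failure pattern (an assumption for
# illustration; NOT the regex shipped in /etc/fail2ban/filter.d/postfix.conf).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\w+\[\d+\]: "
    r"warning: \S+\[(?P<ip>[\d.]+)\]: SASL \w+ authentication failed"
)

def simulate(lines, maxretry=5, findtime=600, bantime=3600, year=2024):
    """Return [(ip, ban_start, ban_end)]; syslog lines carry no year, so one is assumed."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned_until = {}            # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue             # not an authentication failure
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue             # already banned: the firewall drops this traffic
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()          # forget failures older than findtime
        if len(q) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            q.clear()
    return bans

def _fail(t, ip):
    # Constructed log line in the /var/log/mail.log style (documentation IPs).
    return (f"Mar 10 {t} mail postfix/smtpd[2101]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed: UGFzc3dvcmQ6")

SAMPLE = sorted(
    [_fail(f"08:00:{s:02d}", "203.0.113.7") for s in (1, 5, 9, 14, 20)]  # burst
    + ["Mar 10 08:01:00 mail postfix/smtpd[2101]: connect from unknown[192.0.2.44]"]
    + [_fail(t, "198.51.100.20")  # same count, but spread over 70 minutes
       for t in ("08:00:30", "08:05:00", "08:20:00", "08:40:00", "09:10:00")]
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Only the burst from 203.0.113.7 is banned; the second address makes the same number of failures but never five inside one findtime window. To check the real filter against the real log, Fail2Ban ships the fail2ban-regex tool, which takes a log file and a filter file as arguments.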

Step 4: Restart Fail2Ban

sudo systemctl restart fail2ban

Step 5: Verify Fail2Ban Status

Check which jails are active:

sudo fail2ban-client status

Check details for the Postfix jail:

sudo fail2ban-client status postfix

You will see banned IPs if attacks are detected.

Step 6: Manually Unban an IP

If a legitimate IP was blocked, unban it:

sudo fail2ban-client set postfix unbanip 192.168.1.50

Benefits of Using Fail2Ban

  • Protects Postfix and Dovecot from brute-force attacks.
  • Blocks spammers automatically at the firewall level.
  • Reduces server load by dropping bad connections.
  • Improves overall email server security.
  • Works automatically in the background with little maintenance.

Best Practices for Fail2Ban

  • Set reasonable maxretry and bantime values (not too low, not too high).
  • Whitelist trusted IPs (like internal networks) in /etc/fail2ban/jail.local.
  • Regularly monitor Fail2Ban logs: /var/log/fail2ban.log.
  • Integrate with UFW or iptables firewall for strong blocking.
  • Test your configuration by simulating failed logins.

Conclusion

We successfully implemented Fail2Ban for the Postfix mail server on Ubuntu 22.04.
With this setup, your server automatically blocks suspicious IPs after repeated login failures.
This is a simple but very effective protection method, and every Linux administrator should enable it on production mail servers.
