By default iRedMail doesn’t send out notifications if throttling has occurred. There is no clear documentation on how to set it up. So here is what i found works :
Assuming you have fail2ban loaded (which I believe iRedMail has by default):
1. Update the Jail Configuration
Edit the Fail2Ban jail configuration:
sudo nano /etc/fail2ban/jail.local
Ensure this section is updated:
[iRedMail-throttling]
enabled = true
filter = iredmail-throttling
logpath = /var/log/iredapd/iredapd.log
maxretry = 1
findtime = 3600
bantime = 3600
action = %(action_mwl)s
-
maxretry = 1→ Triggers alert on the first detected throttling event. -
action = %(action_mwl)s→ Sends an email with details.
2. Update the Filter for iRedAPD Throttling
A – Modify the Fail2Ban filter for detecting throttling:
sudo nano /etc/fail2ban/filter.d/iredmail-throttling.conf
Add the following:
[Definition]
failregex = .*Throttling.*client=<HOST>.*$
ignoreregex =
B – Setup Fail2Ban to send emails
sudo nano /etc/fail2ban/action.d/sendmail-common.conf
Check these exist or modify them
destemail = admin@example.com
sender = fail2ban@example.com
mta = sendmail
3. Restart Fail2Ban
sudo systemctl restart fail2ban
Check the jail status:
sudo fail2ban-client status iRedMail-throttling
4. Test the Filter
Manually add a test entry to the log file:
echo "$(date) Throttling client=8.8.8.8" | sudo tee -a /var/log/iredapd/iredapd.log
Note – I used 8.8.8.8 as it will never try to email you. Using a local IP address can ban your people or else it is rejected as local IP ranges may be exempt in iRedAdmin
Then check if Fail2Ban detects it:
sudo fail2ban-regex /var/log/iredapd/iredapd.log /etc/fail2ban/filter.d/iredmail-throttling.conf
or check the logs another way
sudo journalctl -u fail2ban --no-pager | grep "iRedMail-throttling"
Now, when throttling events occur, Fail2Ban should detect them and send an email alert.
