2 security questions about MIAB

1- How can I limit mail users' sending email counts per hour/day? (e.g. 10 mails per hour)
2- How can we improve the security of login/sending emails? How many security features are available, like 2-factor authentication, IP access list, etc.?


Hello @arash.salehyzad

The things you are asking about (other than 2FA) are controlled within Postfix. However, as these configuration changes are outside of the scope of Mail-in-a-Box, I am not familiar with the specifics. You would need to engage with a Postfix administrator. Sorry.

Hi Arash,

For the first one, follow alento’s suggestion and also search miab-discourse; I think I can recall reading similar requests a while ago.

The second one, 2FA, is a good idea for Roundcube; check this out: https://www.digitalocean.com/community/tutorials/how-to-secure-roundcube-on-ubuntu-16-04
About mail clients, 2FA can be done but will require some work.
Regarding the IP access lists - would be nice to have via GUI - via the terminal you can do it by adding them to the firewall directly or by creating ipsets and then referencing them in the firewall.
Do remember that Fail2ban does that dynamically for failed login attempts for you. But certainly it would be nice to see/add blocked IPs in the MIAB admin GUI.

And the problem with any unsupported modifications is that MIAB will wipe your changes, so you have to take care of that too in cron scripts periodically :wink:

If you decide to play with it, use a temp VM; do not do it on your live MIAB.
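
The ipset approach mentioned in the reply above, combined with its point about reapplying changes from cron, as an added example that is not part of the original posts or of Mail-in-a-Box. The set name, port list and sample ranges are assumptions; it defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example, not Mail-in-a-Box code. SET_NAME, PORTS and ALLOW_CIDRS are assumptions.
SET_NAME="mail_allow"                        # hypothetical ipset name
PORTS="465,587,993"                          # client login ports; 25 stays open for inbound mail
ALLOW_CIDRS="${ALLOW_CIDRS:-192.0.2.10 198.51.100.0/24}"   # constructed sample ranges
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print commands only, 0 = apply (needs root)
RULE="-p tcp -m multiport --dports $PORTS -m set ! --match-set $SET_NAME src -j DROP"

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Accept only dotted-quad IPv4 with an optional /0-32 prefix (IPv6 needs ip6tables and its own set).
valid_cidr() {
  case "$1" in */*) ip=${1%/*}; prefix=${1#*/} ;; *) ip=$1; prefix=32 ;; esac
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] 2>/dev/null || return 1
  case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

apply_allowlist() {
  added=0
  run ipset create "$SET_NAME" hash:net -exist      # -exist: no error on rerun
  for cidr in $ALLOW_CIDRS; do
    if valid_cidr "$cidr"; then
      run ipset add "$SET_NAME" "$cidr" -exist
      added=$((added + 1))
    else
      echo "skipping invalid entry: $cidr" >&2
    fi
  done
  # Never install the DROP rule over an empty set: that would lock out every client.
  [ "$added" -gt 0 ] || { echo "no valid entries, DROP rule not installed" >&2; return 1; }
  # iptables -C tests for the rule, so cron reruns do not stack duplicates.
  if [ "$DRY_RUN" = 1 ] || ! iptables -C INPUT $RULE 2>/dev/null; then
    run iptables -I INPUT $RULE
  fi
}

apply_allowlist
```

Run it with `DRY_RUN=0` as root from cron so the set and rule are put back after they are wiped, and try it on a test VM first.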