Configuring fail2ban for Roundcube

Discussion in 'Server Operation' started by snowweb, Aug 30, 2012.

  1. snowweb

    snowweb Member

    I'm trying to set up fail2ban for Roundcube 0.8.1 which is the latest version.

    I've found several instructions for earlier versions of Roundcube like this one, but the log format used back then seems to be a lot different to mine.

    This is what I have and what is happening:

    in /etc/fail2ban/jail.conf
    Code:
    [roundcube]
    enabled  = true
    port     = http,https
    filter   = roundcube
    action   = iptables-multiport[name=roundcube, port="http,https"]
    logpath  = /var/log/roundcubemail/errors
    maxretry = 2
    ignoreip =

    in /etc/fail2ban/filter.d/roundcube.conf
    Code:
    [Definition]
    failregex = IMAP Error: Login failed for .* from <HOST>
    ignoreregex =

    in /var/log/roundcubemail/errors I see
    Code:
    [30-Aug-2012 12:18:01 +0800]: IMAP Error: Login failed for [email protected] from 1.2.3.4. AUTHENTICATE PLAIN: Authentication failed. in /var/www/html/shared/roundcubemail-0.8.1/program/include/rcube_imap.php on line 191 (POST /?_task=login&_action=login)

    in /var/log/fail2ban.log I get
    Code:
    2012-08-30 12:18:02,466 fail2ban.filter : WARNING Unable to find a corresponding IP address for 1.2.3.4.
    Now I guess the problem is the 'failregex' line of roundcube.conf, but regex isn't something I'm good at. Please can someone tell me what I need on that line?

    Many thanks.

    Peter
     
  2. snowweb

    snowweb Member

    Solved.

    This was the regex I used:

    Code:
    (.*) Login failed for (.*) from <HOST>\.
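
Why the trailing `\.` makes the difference, as an added example that is not part of the original thread: the host group accepts dots, so without an anchor after `<HOST>` it also swallows the sentence-ending period that Roundcube writes after the address. The `<HOST>` expansion below is assumed to be the one fail2ban 0.8.x uses; the helper names and the mailbox in the sample line are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the pattern fail2ban 0.8.x substitutes for <HOST> in a failregex.
HOST_EXPANSION = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# Constructed sample modelled on the Roundcube log line quoted in the thread
# (user@example.com is a placeholder mailbox).
SAMPLE_LINE = (
    "[30-Aug-2012 12:18:01 +0800]: IMAP Error: Login failed for "
    "user@example.com from 1.2.3.4. AUTHENTICATE PLAIN: Authentication "
    "failed. in /var/www/html/shared/roundcubemail-0.8.1/program/include/"
    "rcube_imap.php on line 191 (POST /?_task=login&_action=login)"
)

ORIGINAL = r"IMAP Error: Login failed for .* from <HOST>"   # first post
FIXED = r"(.*) Login failed for (.*) from <HOST>\."         # second post


def captured_host(failregex, line):
    """Return what the <HOST> group captures, or None if the line does not match."""
    match = re.search(failregex.replace("<HOST>", HOST_EXPANSION), line)
    return match.group("host") if match else None


def is_ip(text):
    """True if text parses as a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check(failregex, line=SAMPLE_LINE):
    """Return (captured host, whether it is a bannable literal IP)."""
    host = captured_host(failregex, line)
    return host, host is not None and is_ip(host)


if __name__ == "__main__":
    for name, regex in (("original", ORIGINAL), ("fixed", FIXED)):
        host, ok = check(regex)
        print(f"{name:8} host={host!r} literal_ip={ok}")
```

With the original filter the captured host is `1.2.3.4.`, which is not a literal address, consistent with the "Unable to find a corresponding IP address" warning. On a live system, `fail2ban-regex /var/log/roundcubemail/errors /etc/fail2ban/filter.d/roundcube.conf` runs the real filter against the real log before the jail is enabled.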
     
