||30th August 2012 06:48
Configuring fail2ban for Roundcube
I'm trying to set up fail2ban for Roundcube 0.8.1 which is the latest version.
I've found several instructions for earlier versions of Roundcube like this one
, but the log format used back then seems to be a lot different to mine.
This is what I have and what is happening:
enabled = true
port = http,https
filter = roundcube
action = iptables-multiport[name=roundcube, port="http,https"]
logpath = /var/log/roundcubemail/errors
maxretry = 2
failregex = IMAP Error: Login failed for .* from <HOST>
in /var/log/roundcubemail/errors I see
[30-Aug-2012 12:18:01 +0800]: IMAP Error: Login failed for firstname.lastname@example.org from 126.96.36.199. AUTHENTICATE PLAIN: Authentication failed. in /var/www/html/shared/roundcubemail-0.8.1/program/include/rcube_imap.php on line 191 (POST /?_task=login&_action=login)
in /var/log/fail2ban.log I get
2012-08-30 12:18:02,466 fail2ban.filter : WARNING Unable to find a corresponding IP address for 188.8.131.52.
Now I guess the problem is the 'failregex' line of roundcube.conf, but regex isn't something I'm good at. Please can someone tell me what I need on that line?
||30th August 2012 09:02
This was the regex I used:
(.*) Login failed for (.*) from <HOST>\.
|All times are GMT +2. The time now is 12:25.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.