HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Configuring fail2ban for Roundcube (http://www.howtoforge.com/forums/showthread.php?t=58439)

snowweb 30th August 2012 06:48
Configuring fail2ban for Roundcube
 
I'm trying to set up fail2ban for Roundcube 0.8.1 which is the latest version.

I've found several instructions for earlier versions of Roundcube like this one, but the log format used back then seems to be a lot different to mine.

This is what I have and what is happening:

in /etc/fail2ban/jail.conf
Code:
[roundcube]
enabled  = true
port    = http,https
filter  = roundcube
action  = iptables-multiport[name=roundcube, port="http,https"]
logpath  = /var/log/roundcubemail/errors
maxretry = 2
ignoreip =
in /etc/fail2ban/filter.d/roundcube.conf
Code:
[Definition]
failregex = IMAP Error: Login failed for .* from <HOST>
ignoreregex =
in /var/log/roundcubemail/errors I see
Code:
[30-Aug-2012 12:18:01 +0800]: IMAP Error: Login failed for john@somedomain.com from 1.2.3.4. AUTHENTICATE PLAIN: Authentication failed. in /var/www/html/shared/roundcubemail-0.8.1/program/include/rcube_imap.php on line 191 (POST /?_task=login&_action=login)
in /var/log/fail2ban.log I get
Code:
2012-08-30 12:18:02,466 fail2ban.filter : WARNING Unable to find a corresponding IP address for 1.2.3.4.
Now I guess the problem is the 'failregex' line of roundcube.conf, but regex isn't something I'm good at. Please can someone tell me what I need on that line?

Many thanks.

Peter

snowweb 30th August 2012 09:02
Solved.

This was the regex I used:

Code:
(.*) Login failed for (.*) from <HOST>\.


All times are GMT +2. The time now is 05:17.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.