View Single Post
Old 31st July 2009, 18:32
gscott187 gscott187 is offline
Junior Member
Join Date: Jul 2009
Posts: 17
Thanks: 1
Thanked 5 Times in 4 Posts
Default SquirrelMail/imap/pop3 fail2ban IP address

I'm running ISPConfig3 on Centos 5.3 as per the installation instructions at this site. When configuring fail2ban for trapping SquirrelMail failed logins, I notice the following in /var/log/maillog:

Jul 31 15:23:55 server_name imapd: LOGIN FAILED, user=45354, ip=[::ffff:]
Jul 31 15:24:04 server_name imapd: LOGIN FAILED, user=34566, ip=[::ffff:]
Jul 31 15:24:14 server_name imapd: LOGIN FAILED, user=56757, ip=[::ffff:]
Jul 31 15:24:26 server_name imapd: LOGIN FAILED, user=4566, ip=[::ffff:]

Each failed login generates an entry but with IP address (localhost) and hence fail2ban cannot really action the iptables ban because there's no public IP address in the maillog file.

Does anyone have any ideas how a real IP address might be captured to enable fail2ban to do it's stuff? fail2ban works well on the system for ssh and ftp but they use a different logfile.
Reply With Quote
Sponsored Links