SquirrelMail/imap/pop3 fail2ban IP address
I'm running ISPConfig3 on CentOS 5.3 as per the installation instructions at this site. When configuring fail2ban for trapping SquirrelMail failed logins, I notice the following in /var/log/maillog:
Jul 31 15:23:55 server_name imapd: LOGIN FAILED, user=45354, ip=[::ffff:127.0.0.1]
Jul 31 15:24:04 server_name imapd: LOGIN FAILED, user=34566, ip=[::ffff:127.0.0.1]
Jul 31 15:24:14 server_name imapd: LOGIN FAILED, user=56757, ip=[::ffff:127.0.0.1]
Jul 31 15:24:26 server_name imapd: LOGIN FAILED, user=4566, ip=[::ffff:127.0.0.1]
Each failed login generates an entry but with IP address 127.0.0.1 (localhost) and hence fail2ban cannot really action the iptables ban because there's no public IP address in the maillog file.
Does anyone have any ideas how a real IP address might be captured to enable fail2ban to do its stuff? fail2ban works well on the system for ssh and ftp but they use a different logfile.