  #1  
Old 31st July 2009, 18:32
gscott187
SquirrelMail/imap/pop3 fail2ban IP address

I'm running ISPConfig3 on CentOS 5.3 as per the installation instructions at this site. When configuring fail2ban for trapping SquirrelMail failed logins, I notice the following in /var/log/maillog:

Jul 31 15:23:55 server_name imapd: LOGIN FAILED, user=45354, ip=[::ffff:127.0.0.1]
Jul 31 15:24:04 server_name imapd: LOGIN FAILED, user=34566, ip=[::ffff:127.0.0.1]
Jul 31 15:24:14 server_name imapd: LOGIN FAILED, user=56757, ip=[::ffff:127.0.0.1]
Jul 31 15:24:26 server_name imapd: LOGIN FAILED, user=4566, ip=[::ffff:127.0.0.1]

Each failed login generates an entry but with IP address 127.0.0.1 (localhost) and hence fail2ban cannot really action the iptables ban because there's no public IP address in the maillog file.

Does anyone have any ideas how a real IP address might be captured to enable fail2ban to do its stuff? fail2ban works well on the system for ssh and ftp but they use a different logfile.
Reply With Quote
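
Added example, not part of the original post: a Python sketch that parses the failed-login lines quoted above, unwraps the IPv4-mapped `::ffff:` form, and separates loopback sources from addresses a fail2ban-style ban could act on. The function names and the two 203.0.113.7 lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Failed-login line format as quoted in the post.
LINE_RE = re.compile(r"imapd: LOGIN FAILED, user=[^,]+, ip=\[([0-9A-Fa-f:.]+)\]")

# The first four lines are from the post; the last two are constructed
# (203.0.113.7 is a documentation address) to show a bannable source.
SAMPLE = [
    "Jul 31 15:23:55 server_name imapd: LOGIN FAILED, user=45354, ip=[::ffff:127.0.0.1]",
    "Jul 31 15:24:04 server_name imapd: LOGIN FAILED, user=34566, ip=[::ffff:127.0.0.1]",
    "Jul 31 15:24:14 server_name imapd: LOGIN FAILED, user=56757, ip=[::ffff:127.0.0.1]",
    "Jul 31 15:24:26 server_name imapd: LOGIN FAILED, user=4566, ip=[::ffff:127.0.0.1]",
    "Jul 31 15:25:01 server_name imapd: LOGIN FAILED, user=admin, ip=[::ffff:203.0.113.7]",
    "Jul 31 15:25:09 server_name imapd: LOGIN FAILED, user=root, ip=[::ffff:203.0.113.7]",
]


def source_address(line):
    """Return the client address logged on one line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        addr = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None  # bracketed text was not a valid address
    # ::ffff:a.b.c.d is an IPv4-mapped IPv6 address; unwrap it to plain IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def bannable_failures(lines):
    """Count failed logins per source, split into (bannable, loopback)."""
    bannable, local = Counter(), Counter()
    for line in lines:
        addr = source_address(line)
        if addr is None:
            continue
        # A loopback source means the IMAP client ran on this host,
        # so the log line carries no remote address to ban.
        (local if addr.is_loopback else bannable)[str(addr)] += 1
    return bannable, local


if __name__ == "__main__":
    bannable, local = bannable_failures(SAMPLE)
    print("usable as ban targets:", dict(bannable))
    print("loopback (no remote host to ban):", dict(local))
```
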
  #2  
Old 1st August 2009, 11:26
falko

Quote:
Originally Posted by gscott187 View Post
Jul 31 15:23:55 server_name imapd: LOGIN FAILED, user=45354, ip=[::ffff:127.0.0.1]
Jul 31 15:24:04 server_name imapd: LOGIN FAILED, user=34566, ip=[::ffff:127.0.0.1]
Jul 31 15:24:14 server_name imapd: LOGIN FAILED, user=56757, ip=[::ffff:127.0.0.1]
Jul 31 15:24:26 server_name imapd: LOGIN FAILED, user=4566, ip=[::ffff:127.0.0.1]
This is ISPConfig's monitoring module, trying to find out if imapd is still running. Nothing to worry about.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
  #3  
Old 2nd August 2009, 22:00
gscott187

Quote:
Originally Posted by falko View Post
This is ISPConfig's monitoring module, trying to find out if imapd is still running. Nothing to worry about.
Thanks for your reply.

I can confirm that imapd is still running. What I really wanted was to be able to ban (using fail2ban) repeated unsuccessful login attempts through SquirrelMail's Web interface. To be able to do this would involve knowing the real IP address. However, /var/log/maillog only contains IP address 127.0.0.1.
  #4  
Old 3rd August 2009, 10:51
falko

Quote:
Originally Posted by gscott187 View Post
However, /var/log/maillog only contains IP address 127.0.0.1.
Yes, because ISPConfig connects from localhost (127.0.0.1).
  #5  
Old 3rd August 2009, 16:16
gscott187
fail2ban and SquirrelMail step by step instructions

I've now successfully set up fail2ban with SquirrelMail for ISPConfig3 on CentOS v5.3 using the Squirrel Logger plugin to limit the number of login attempts. If there's any interest in how to do this, I'll write it up and post it. Whilst the process is covered in a few Web places, there are some steps that could cause frustration.

Let me know if there's any interest?
The Following User Says Thank You to gscott187 For This Useful Post:
falko (4th August 2009)
  #6  
Old 4th August 2009, 14:31
falko

A tutorial would be great!
  #7  
Old 5th August 2009, 15:39
gscott187
SquirrelMail/fail2ban

Quote:
Originally Posted by falko View Post
A tutorial would be great!
There should be a tutorial in your email inbox awaiting your consideration.
The Following User Says Thank You to gscott187 For This Useful Post:
falko (6th August 2009)
  #8  
Old 14th August 2009, 02:49
rlischer

Quote:
Originally Posted by gscott187 View Post
I've now successfully set up fail2ban with SquirrelMail for ISPConfig3 on CentOS v5.3 using the Squirrel Logger plugin to limit the number of login attempts. If there's any interest in how to do this, I'll write it up and post it. Whilst the process is covered in a few Web places, there are some steps that could cause frustration.

Let me know if there's any interest?
I am interested in your how-to on fail2ban and CentOS. Thanks
  #9  
Old 14th August 2009, 11:51
gscott187
Location of SquirrelMail/Fail2ban tutorial

Here's the location of the published SquirrelMail/Fail2ban tutorial:

http://www.howtoforge.com/configurin....3-ispconfig-3
The Following User Says Thank You to gscott187 For This Useful Post:
bajodel (15th August 2009)