21st October 2010, 18:25
linus3x
Section 6.5, ISPConfig 3 Manual

First off, you guys did a great job on the ISPConfig 3 manual - very easy to follow.

I just wanted to point out one thing that I noticed. It's in section 6.5 - How Do I Make fail2ban Monitor Additional Services? When I followed that section, I was getting errors like the following in my fail2ban log:

fail2ban.comm   : WARNING Invalid command: ['set', 'courierimap', 'failregex', 'imapd: LOGIN FAILED.*ip=\\[.*:<HOST>\\]']

I saw those for courierpop3, courierimap, and SASL. I investigated and found that the /etc/fail2ban/jail.conf file for the fail2ban that was downloaded from the Debian repository already had sections for those 3 in it. They just weren't enabled. Further, there were already /etc/fail2ban/filter.d/*.conf files for those sections included.

Note: the courier sections were named differently - I think pop3d and imap?

I basically followed Thomas's instructions at the bottom of this post to fix it.

Edit the conf file:

vi /etc/fail2ban/jail.conf

Remove the failregex line and update the filter:

# Before: failregex set inside the jail (the "Invalid command" in the log above)
[courierimap]
enabled = true
port = imap2
filter = courierlogin
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5

# After: failregex removed, filter points at filter.d/courierimap.conf
[courierimap]
enabled = true
port = imap2
filter = courierimap
logpath = /var/log/mail.log
maxretry = 5

Create a filter file /etc/fail2ban/filter.d/courierimap.conf with the following content:

vi /etc/fail2ban/filter.d/courierimap.conf

# Fail2Ban configuration file
# $Revision: 100 $

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
ignoreregex = imapd: LOGIN FAILED.*ip=\[.*127\.0\.0\.1\]

BTW, I added ignoreregex to this one because failed SquirrelMail logins were generating failed logins on no matter what the end user's IP address really was.

Again - great job on the manual - it's been invaluable in getting set up.
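An added example, not part of linus3x's post and not fail2ban's own code: a simplified Python model of how the failregex and ignoreregex from the courierimap filter above interact with maxretry = 5. The log lines, addresses and function names are constructed for illustration, and fail2ban's findtime window is not modelled.

```python
import re
from collections import Counter

# Alias quoted in the filter file's comment; fail2ban substitutes it for <HOST>.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"

# The two expressions from /etc/fail2ban/filter.d/courierimap.conf in the post.
FAILREGEX = r"imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]"
IGNOREREGEX = r"imapd: LOGIN FAILED.*ip=\[.*127\.0\.0\.1\]"
MAXRETRY = 5  # from the jail section in the post

# Constructed /var/log/mail.log lines (documentation addresses, not real data).
SAMPLE_LOG = "\n".join(
    [f"Oct 21 18:0{i}:11 mail imapd: LOGIN FAILED, user=bob, ip=[::ffff:203.0.113.7]"
     for i in range(5)]
    + [f"Oct 21 18:1{i}:42 mail imapd: LOGIN FAILED, user=amy, ip=[::ffff:127.0.0.1]"
       for i in range(6)]
    + ["Oct 21 18:20:03 mail imapd: LOGIN FAILED, user=eve, ip=[::ffff:198.51.100.9]",
       "Oct 21 18:21:30 mail imapd: LOGIN, user=bob, ip=[::ffff:203.0.113.7], protocol=IMAP"]
)


def count_failures(log_text, failregex=FAILREGEX, ignoreregex=IGNOREREGEX):
    """Return a Counter of failures per host, skipping lines ignoreregex matches."""
    fail_re = re.compile(failregex.replace("<HOST>", HOST_ALIAS))
    ignore_re = re.compile(ignoreregex) if ignoreregex else None
    hits = Counter()
    for line in log_text.splitlines():
        if ignore_re and ignore_re.search(line):
            continue  # webmail failures logged from localhost are never counted
        match = fail_re.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(hits, maxretry=MAXRETRY):
    """Hosts whose failure count reached maxretry (findtime is not modelled)."""
    return sorted(host for host, n in hits.items() if n >= maxretry)


if __name__ == "__main__":
    with_ignore = count_failures(SAMPLE_LOG)
    without_ignore = count_failures(SAMPLE_LOG, ignoreregex=None)
    print("with ignoreregex:   ", hosts_to_ban(with_ignore))
    print("without ignoreregex:", hosts_to_ban(without_ignore))
```

Without the ignoreregex, the six webmail failures logged from 127.0.0.1 reach maxretry and localhost lands in the ban list; with it, only the external address does.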
22nd October 2010, 16:30
falko

Thanks a lot - I will review that chapter.
All times are GMT +2.