I'm trying to set up fail2ban for Roundcube 0.8.1 which is the latest version.
I've found several instructions for earlier versions of Roundcube like this one
, but the log format used back then seems to be a lot different to mine.
This is what I have and what is happening:
enabled = true
port = http,https
filter = roundcube
action = iptables-multiport[name=roundcube, port="http,https"]
logpath = /var/log/roundcubemail/errors
maxretry = 2
failregex = IMAP Error: Login failed for .* from <HOST>
in /var/log/roundcubemail/errors I see
[30-Aug-2012 12:18:01 +0800]: IMAP Error: Login failed for firstname.lastname@example.org from 22.214.171.124. AUTHENTICATE PLAIN: Authentication failed. in /var/www/html/shared/roundcubemail-0.8.1/program/include/rcube_imap.php on line 191 (POST /?_task=login&_action=login)
in /var/log/fail2ban.log I get
2012-08-30 12:18:02,466 fail2ban.filter : WARNING Unable to find a corresponding IP address for 126.96.36.199.
Now I guess the problem is the 'failregex' line of roundcube.conf, but regex isn't something I'm good at. Please can someone tell me what I need on that line?