Fail2Ban

elliot46:
I looked at many tutorials, and I am doing these steps:

install service
in /etc/fail2ban copy jail.conf to jail.local
edit jail.local
in "roundcube-auth" session add:
enabled = true
maxretry = 2
bantime = 3600
logpath = /var/log/mail.log

I tried a wrong login to Roundcube Webmail, but I always received "login failed", never any other message.

With the "sudo fail2ban-client status roundcube-auth" command, I do not see any error...

What am I doing wrong?

Thanks

Dmitry42:
It's because Roundcube does not write errors to the log file. You can see only IMAP or SMTP errors, but with your local Roundcube server IP.

For example, my wrong attempt:


--- Quote ---
May 15 18:06:37 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<Dmitry42@******.ru>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<g7QFzbz7vMd/AAAB>
--- End quote ---

Fail2ban can find these errors, but it will ban your "rip=127.0.0.1", which is your local server IP. You ban yourself.

So if you want to block users who use the Roundcube web interface, you must find a way to write wrong attempts from the Roundcube PHP script to mail.log.
I googled it and found something like this: https://mattrude.com/projects/roundcube-fail2ban-plugin/

https://www.roundcubeforum.net/index.php/topic,5002.15.html

but I am not sure that it works now on modern RC.
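
Added example (not part of the original posts): a Python sketch that counts dovecot "auth failed" lines per rip the way a jail reading mail.log would, using the thread's maxretry = 2, and separates loopback addresses (logins relayed by the webmail) from remote clients. The log lines are constructed, and the regex and function name are assumptions for illustration, not fail2ban's shipped filter.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the dovecot imap-login format quoted in the post.
SAMPLE_LOG = """\
May 15 18:06:37 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.org>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<aaaa>
May 15 18:06:41 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.org>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<bbbb>
May 15 18:07:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.org>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<cccc>
May 15 18:07:09 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.org>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<dddd>
May 15 18:07:30 mail dovecot: imap-login: Login: user=<bob@example.org>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, mpid=1234, TLS, session=<eeee>
"""

# Simplified pattern for this example only (assumption, not the real filter).
AUTH_FAILED = re.compile(r"imap-login: .*\(auth failed, .*\brip=([0-9A-Fa-f:.]+),")


def classify(log_text, maxretry=2):
    """Count failed-login lines per rip and split the addresses that reach
    maxretry into remote clients and loopback (the mail server itself)."""
    failures = Counter()
    for line in log_text.splitlines():
        match = AUTH_FAILED.search(line)
        if match:
            failures[ipaddress.ip_address(match.group(1))] += 1
    over = [ip for ip, count in failures.items() if count >= maxretry]
    return {
        # Direct IMAP clients: the address really is the offender.
        "remote": sorted(str(ip) for ip in over if not ip.is_loopback),
        # Webmail logins: dovecot only sees the local Roundcube host.
        "loopback": sorted(str(ip) for ip in over if ip.is_loopback),
    }


if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    print("ban candidates (remote):", result["remote"])
    print("would ban the server itself:", result["loopback"])
```
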

Dmitry42:
After that I found:

https://community.nethserver.org/t/fail2ban-and-webmail-roundcube/10831

https://www.computersolutions.cn/blog/2014/06/roundcube-login-attack-prevention-with-fail2ban/

https://grinux.wordpress.com/2012/09/04/make-fail2ban-monitor-roundcube-authentication-access/


As I can see, fail2ban can work with Roundcube logs, so you can enable it and use it for blocking.

elliot46:
Thanks.

I will try to understand and set up what you wrote to me.

Dmitry42:
I'll try other words)

By default Roundcube does not write logs to the system logs, because Roundcube is not a system service; it is an application written and working as a PHP script. For your mail server (IMAP and SMTP daemons) Roundcube is just a mail client, like your iPhone mail app, or Outlook, or another mail client. If you install another mail client on your server (for example Outlook, Thunderbird or another), it will be the same as a Roundcube installation.
So that is the reason why your system log contains only IMAP or SMTP messages, and does not contain messages from any mail clients (Roundcube in our case).

BUT

1. You can use a plugin for RC that can write RC messages to the system logs (not sure that it's a good idea; the plugin is too old)
2. You can analyse Roundcube logs with fail2ban, as you use fail2ban to analyse the system mail.log. You can read about this in the links in my previous post.
