Roundcube Community Forum
Third Party Contributions => API Based Plugins => Topic started by: mdr on July 09, 2009, 09:20:29 AM
-
I have been asked to build a plugin to allow Fail2Ban logging output from Roundcube. Last night I got around to doing it.
RoundCube Fail2Ban Plug in is a small plugin that will display failed login attempts to your syslog or userlogins log file. Using this information Fail2Ban be able to block a user for a set amount of time. The best part, the block is at the IP level and blocks the IP address, not the user they are try to log in as.
You should be able to just drop the top folder in your plugins director and add the entry to your main.php
RoundCube Fail2Ban Plugin (http://mattrude.com/projects/roundcube-fail2ban-plugin/)
If you have any questions, let me know.
-Matt
-
Niiice, will have a try...
Thanx!
-
thanks for the plugin. please consider adding it to the Plugin_Repository (http://trac.roundcube.net/wiki/Plugin_Repository)
-
I would like to inform you all it´s working great on Suse 11.1 after small modifications.
:-)
Rgds.
-
Great, it was built on Fedora, I'm glad it works under Suse. What modifications did you need to make?
JohnDoh, I have added it to the list, and I would like to thank you for the SpamAssassin User Prefs plugin. I have been using it since before it was a plugin, and it has always been a great feature.
-
Hi!
The jail.conf needs little modifications...
Thanx!
-
oldschool, how did you need to modify the jail.conf file?
-
Very nice. Working just as it should I think, only thing is that when banned the login page just sits there trying to login forever pretty much.
Should it display some sort of message or something at login page?
I am using debian lenny and one little "special thingy" with my install is php-mdb2-driver-mysql_1.5.0b from backports to get mysql working with roundcube.
-
For me the jail looks like this on Opensuse 11.1:
--- schnipp ---
[roundcube]
# 0.3 and up plugin-support
enabled = false
port = http,https
filter = roundcube
action = iptables-multiport[name=roundcube, port=http,https]
sendmail-whois[name=RC-Webmail, dest=root@weiss-du-doch.nett, sender=fail2ban]
logpath = /srv/www/htdocs/webmail/logs/userlogins
--- schnapp ---
Rgds.
-
GOOD plugin
-
... only thing is that when banned the login page just sits there trying to login forever pretty much.
Should it display some sort of message or something at login page?
jannol, since the client is blocked at the IP level and not via RoundCube, the blocked user is no longer "talking" to your webserver so we can not show a message saying anything.
If the blocked client were to do a refresh they should get a "Server not found" type message since the webserver will no longer respond to that clients IP address.
-
For me the jail looks like this on Opensuse 11.1:
--- schnipp ---
[roundcube]
# 0.3 and up plugin-support
enabled = false
port = http,https
filter = roundcube
action = iptables-multiport[name=roundcube, port=http,https]
sendmail-whois[name=RC-Webmail, dest=root@weiss-du-doch.nett, sender=fail2ban]
logpath = /srv/www/htdocs/webmail/logs/userlogins
--- schnapp ---
Rgds.
Thanks oldschool, I have added your configuration to my how to for this plugin.
-
I just noticed it has to be "enabled = true"...
;-)
Rgds.
-
I've got 2 Roundcube incarnations on a web hosters resource.
The one which triggers the localhosts IMAP does work.
The one which triggers another IMAP server on a different host does not work. The log\userlogins file gets entries, but I can do failures as many as I want, I'm not getting locked. Whats wrong? Of course RC plugin is active in the main config files array.
(rcdir\plugins\fail2ban\jail.conf)
[roundcube]
enabled = true
port = http,https
filter = roundcube
logpath = /www/htdocs/blah/rc_sks/logs/errors
maxretry = 5
findtime = 300
bantime = 900
[roundcube-24hr]
enabled = true
port = http,https
filter = roundcube-24hr
logpath = /www/htdocs/blah/rc_sks/logs/fail2ban.log
maxretry = 10
findtime = 1800
bantime = 86400
(rcdir\plugins\fail2ban\filter.d\roundcube.conf)
[Definition]
failregex = IMAP Error: Authentication for .* \(\) failed \((?:LOGIN|AUTH)\):
ignoreregex =
Thanks!
-
I've got 2 Roundcube incarnations on a web hosters resource.
The one which triggers the localhosts IMAP does work.
The one which triggers another IMAP server on a different host does not work. The log\userlogins file gets entries, but I can do failures as many as I want, I'm not getting locked. Whats wrong? Of course RC plugin is active in the main config files array.
(rcdir\plugins\fail2ban\jail.conf)
[roundcube]
enabled = true
port = http,https
filter = roundcube
logpath = /www/htdocs/blah/rc_sks/logs/errors
maxretry = 5
findtime = 300
bantime = 900
[roundcube-24hr]
enabled = true
port = http,https
filter = roundcube-24hr
logpath = /www/htdocs/blah/rc_sks/logs/fail2ban.log
maxretry = 10
findtime = 1800
bantime = 86400
(rcdir\plugins\fail2ban\filter.d\roundcube.conf)
[Definition]
failregex = IMAP Error: Authentication for .* \(\) failed \((?:LOGIN|AUTH)\):
ignoreregex =
Thanks!
Hi!
Your prob could have many causes.
For me i noticed the iptable action is not working very well and i switched to the "route"-ban command.
In your case i would you to try out your "failregex filter".
Many OSes interpreting this different.
Have a nice day!
Rgds.
-
Update for Opensuse 11.1:
--- schnipp ---
[roundcube]
# 0.3 and up plugin-support
enabled = true
filter = roundcube
action = route
sendmail-whois[name=RC-Webmail, dest=root@weiss-du-doch.nett, sender=fail2ban]
logpath = /srv/www/htdocs/webmail/logs/userlogins
--- schnapp ---
The Route-Ban Action:
--- schnipp ---
# Fail2Ban configuration file
[Definition]
actionban = ip route add unreachable ;
actionunban = ip route del unreachable ;
--- schnapp ---
The IP-Table ban action makes probs.
So this route-action is more usefull for Opensuse.
Rgds.
-
Why don't you just set imap rules for fail2ban?
-
Why don't you just set imap rules for fail2ban?
If you asked me:
As stated above, got some probs with MY opensuse systems.
So i decided to use the route command...
And the effect is the same: the blackhead is banned!
;)
Rgds.
-
I'm trying to get this to work on IIS is there a semi- preconfigured folder or zip file? I have tried all the jail.conf and all that diffrent stuff and can't seem to get it to work...
-
IIRC there is no version of fail2ban for windows, do you have fail2ban installed?
(fail2ban is a bit of secuirty software, its nothing to do with roundcube)
-
Ya its installed but i just don't have it setup properly. There are many diffrent config version floating around i don't know which one to use.
-
Ya its installed but i just don't have it setup properly. There are many diffrent config version floating around i don't know which one to use.
Hi!
Take a look at the original files.
There are 3 groups:
- config
- filter
- action
It´s not so hard to understand the conception...
Rgds.