Hi all,
I have a mailserver with fail2ban on it. Some days ago I installed apache and roundcube webmail. It works fine, but when there are f.e. 5 failed logins fail2ban tries to ban the external IP, but because the request is coming from the webserver that is on the same server as my SMTP server, it bans its own external IP/ is there any way that roundcube could send out the external client IP, so that the connecting cliënt gets banned? I just dont want to host my webmail elsewhere.
Thanks!
Download myroundcube @ myroundcube - Project Hosting on Google Code (http://myroundcube.googlecode.com). Look at "dblog' plugin. It is not what you are looking for, but it shows you how to manipulate the logs. So it should be easy to create specific log entries for fail2ban.
Thanks for your help. I haven't been able to find that plugin. However, I came acros this one: RoundCube Fail2Ban Plugin – Matt Rude (http://mattrude.com/plugins/roundcube-fail2ban-plugin/) . Does this plugin do what I want: Block the external IP of the client that is connecting and not it's own external IP? Thanks!
Correct, the RoundCube Fail2Ban Plugin will output the offenders IP address to your logs so Fail2ban will block the correct IP address and not your webservers. you may want to white list your RoundCube/Email server's IP so you don't get locked out.
-Matt Rude
Thank you! This works like a charm!
Wonderful, im glad it works well for you:)