Fail2ban and roundcube on CentOS 8

Fail2ban and roundcube on CentOS 8

Davide Perini
Hi all, guys.
Hope you are doing well on these holidays.

Is there someone who has fail2ban working on CentOS 8 and roundcubemail?

My /var/log/roundcubemail/errors.log
looks like this
[28-Dec-2019 14:27:32 +0000]: <p2otg3ug> IMAP Error: Login failed for perini.davide against localhost from ::1. AUTHENTICATE PLAIN: Authentication failed. in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 200 (POST /webmail/?_task=login&_action=login)

my roundcube.conf looks like this

[Definition]
failregex = (.*) IMAP Error: Login failed for .* from
ignoreregex =


What is the problem?
Any idea?

Thanks
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Re: Fail2ban and roundcube on CentOS 8

SM Hosting.sk
Hi, you are missing <HOST> in the rule

failregex = (.*) IMAP Error: Login failed for .* from <HOST>

Or give this a try:

[INCLUDES]

before = common.conf

[Definition]

prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*(<[\w]+>)? IMAP Error)?: <F-CONTENT>.+</F-CONTENT>$

failregex = ^(?:FAILED login|Login failed) for <F-USER>.*</F-USER> from <HOST>(?:(?:\([^\)]*\))?\. (?:(?! from ).)*(?: user=(?P=user))? in \S+\.php on line \d+ \(\S+ \S+\))?$
            ^(?:<[\w]+> )?Failed login for <F-USER>.*</F-USER> from <HOST> in session \w+( \(error: \d\))?$

ignoreregex =

journalmatch = SYSLOG_IDENTIFIER=roundcube

Miro.

On 28 Dec 2019 at 15:43, Davide Perini wrote:

> Hi all, guys.
> Hope you are doing well on these holidays.
>
> Is there someone who has fail2ban working on CentOS 8 and roundcubemail?
>
> My /var/log/roundcubemail/errors.log
> looks like this
> [28-Dec-2019 14:27:32 +0000]: <p2otg3ug> IMAP Error: Login failed for perini.davide against localhost from ::1. AUTHENTICATE PLAIN: Authentication failed. in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 200 (POST /webmail/?_task=login&_action=login)
>
> my roundcube.conf looks like this
>
> [Definition]
> failregex = (.*) IMAP Error: Login failed for .* from
> ignoreregex =
>
>
> What is the problem?
> Any idea?
>
> Thanks
Re: Fail2ban and roundcube on CentOS 8

@lbutlr
On 28 Dec 2019, at 08:32, SM Hosting.sk <[hidden email]> wrote:
> failregex = (.*) IMAP Error: Login failed for .* from <HOST>

Since the failure is from ::1 that is just going to hit localhost and fail2ban isn’t dumb enough to ban localhost.

If the from is not being logged properly, you cannot ban it.



--
Ninjas don't hug!
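An added example, not part of any post in this thread and not fail2ban's own code: it runs the original and the corrected failregex from the thread against the posted log line and against a constructed remote-client variant. The <HOST> expansion, the loopback check and the names extract_host and verdict are simplified assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the log line from the first post, joined onto one line.
LOG_LINE = ("[28-Dec-2019 14:27:32 +0000]: <p2otg3ug> IMAP Error: Login failed for "
            "perini.davide against localhost from ::1. AUTHENTICATE PLAIN: "
            "Authentication failed. in "
            "/usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line "
            "200 (POST /webmail/?_task=login&_action=login)")
# Constructed sample: the same line with a documentation address as the client.
REMOTE_LINE = LOG_LINE.replace("from ::1.", "from 203.0.113.7.")

ORIGINAL = r"(.*) IMAP Error: Login failed for .* from"
CORRECTED = r"(.*) IMAP Error: Login failed for .* from <HOST>"

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is stricter and also accepts hostnames).
HOST_GROUP = r"(?P<host>[0-9A-Fa-f:.]*[0-9A-Fa-f])"


def extract_host(failregex, line):
    """Return the captured client address, or None if nothing is captured."""
    if "<HOST>" not in failregex:
        return None  # the rule may match, but yields no address to act on
    match = re.search(failregex.replace("<HOST>", HOST_GROUP), line)
    return match.group("host") if match else None


def verdict(failregex, line):
    """Classify a line as 'no-host', 'ignored-loopback' or 'ban <addr>'."""
    host = extract_host(failregex, line)
    if host is None:
        return "no-host"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "no-host"
    # Assumption: loopback is never banned, as the last reply states.
    return "ignored-loopback" if addr.is_loopback else f"ban {addr}"


if __name__ == "__main__":
    for name, rule in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for line in (LOG_LINE, REMOTE_LINE):
            print(name, "->", verdict(rule, line))
```

On a real host, fail2ban-regex run with the log file and the filter file as arguments performs this check with fail2ban's own matching.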