RoundCube Fail2Ban Plugin

RoundCube Fail2Ban Plugin is a small plugin that will display a failed login attempts in your syslog or userlogins log file. Using this information Fail2Ban will be able to block a user for a set amount of time.  The best part, the block is happening at the IP level and blocks the IP address, not the user they are trying to log in as.

Download

  • tgz | zip | git – Version: 1.1 (2011-Jun-19)
  • tgz | zip | git – Version: 1.0 (2009-Jul-09)

Install

  • Place this plugin folder into the RoundCube plugins directory (roundcube/plugins/)
  • Confirm the folder is named “fail2ban” after unzipping or untaring the download.
  • Add fail2ban to $rcmail_config['plugins'] in your RoundCube config (config/main.inc.php)

Note: When downloading this plugin via git (http://github.com/mattrude/rc-plugin-fail2ban) you will need to create a directory called fail2ban and place fail2ban.php in there, ignoring the root directory in the downloaded archive.  You may also run ‘git clone git://github.com/mattrude/rc-plugin-fail2ban.git fail2ban’ from the plugins directory.

Fail2Ban Setup

fail2ban/jail.conf:

[roundcube]
enabled  = true
port     = http,https
filter   = roundcube
action   = iptables-multiport[name=roundcube, port="http,https"]
logpath  = /var/www/html/roundcube/logs/userlogins

Or oldschool used a configuration simmiler to:

[roundcube]
# 0.3 and up plugin-support

enabled  = true
port     = http,https
filter   = roundcube
action   = iptables-multiport[name=roundcube, port="http,https"]
sendmail-whois[name=RC-Webmail, dest=you@example.com, sender=fail2ban]
logpath  = /srv/www/htdocs/webmail/logs/userlogins

fail2ban/filter.d/roundcube.conf:

[Definition]
failregex = FAILED login for .*. from <HOST>
ignoreregex =

Support

If you require support, please post to the comments below.

50 thoughts on “RoundCube Fail2Ban Plugin

    • Hey,

      thanks for your nice blog entry.

      I am using kolab v3.0 and roundcube is already logging to “/var/log/roundcubemail/userlogins”. Your filter should work. I added the roundcube jail and filter entry and set it to watch the logging file. Your filter should work by default.

  1. Hi, im trying this out,
    my login failure writes to the file, put is there any failure in my regex?

    [22-Feb-2014 19:51:28 +0100]: FAILED login for from 192.168.1.10

    failregex = FAILED login for .*. from
    ignoreregex =

Leave a Reply