RoundCube Fail2Ban Plugin is a small plugin that will display a failed login attempts in your syslog or userlogins log file. Using this information Fail2Ban will be able to block a user for a set amount of time. The best part, the block is happening at the IP level and blocks the IP address, not the user they are trying to log in as.
Download
- tgz | zip | git – Version: 1.3 (2015-Sept-28)
- tgz | zip | git – Version: 1.2 (2014-Jul-26)
- tgz | zip | git – Version: 1.1 (2011-Jun-19)
- tgz | zip | git – Version: 1.0 (2009-Jul-09)
Install
- Place this plugin folder into the RoundCube plugins directory (roundcube/plugins/)
- Confirm the folder is named “fail2ban” after unzipping or untaring the download.
- Add fail2ban to $rcmail_config[‘plugins’] in your RoundCube config (config/main.inc.php)
Note: When downloading this plugin via git (http://github.com/mattrude/rc-plugin-fail2ban) you will need to create a directory called fail2ban and place fail2ban.php in there, ignoring the root directory in the downloaded archive. You may also run ‘git clone git://github.com/mattrude/rc-plugin-fail2ban.git fail2ban’ from the plugins directory.
Fail2Ban Setup
fail2ban/jail.conf:
[roundcube] enabled = true port = http,https filter = roundcube action = iptables-multiport[name=roundcube, port="http,https"] logpath = /var/www/html/roundcube/logs/userlogins
Or oldschool used a configuration simmiler to:
[roundcube] # 0.3 and up plugin-support enabled = true port = http,https filter = roundcube action = iptables-multiport[name=roundcube, port="http,https"] sendmail-whois[name=RC-Webmail, [email protected], sender=fail2ban] logpath = /srv/www/htdocs/webmail/logs/userlogins
fail2ban/filter.d/roundcube.conf:
[Definition] failregex = FAILED login for .*. from <HOST> ignoreregex =
Support
If you require support, please post to the comments below.
Hi guys,
please review/feedback (e.g. more sample log lines which are not yet matched by provided failregex) on https://github.com/fail2ban/fail2ban/pull/283
cheers
Hey,
thanks for your nice blog entry.
I am using kolab v3.0 and roundcube is already logging to “/var/log/roundcubemail/userlogins”. Your filter should work. I added the roundcube jail and filter entry and set it to watch the logging file. Your filter should work by default.
thanks for this blog entry
Hi, im trying this out,
my login failure writes to the file, put is there any failure in my regex?
[22-Feb-2014 19:51:28 +0100]: FAILED login for from 192.168.1.10
failregex = FAILED login for .*. from
ignoreregex =
Solved:
it should be in this way on my version:
failregex = ^.*FAILED login for from
Working as a charm on virtual servers environment (multiples logs) inside virtualmin/webmin. Many thanks buddy!!
One major issue with using IP address is that, it could block the entire office from accessing after one employee types in a wrong password several times…
Then add the line
ignoreip = [office ip address] to the fail2ban/jail.conf: entry;
[roundcube]
enabled = true
port = http,https
filter = roundcube
action = iptables-multiport[name=roundcube, port=”http,https”]
logpath = /var/www/html/roundcube/logs/userlogins
Ignoreip = 123.456.789.0/24
Hi, I put this entry in jail.local and created the roundcube filter in filter.d and it’s crashing fail2ban..
I’m using Debian Wheezy and everything is up to date.
have you tried it Centos 7 + roundcubemail-1.1.7 . i tried but cuould