RoundCube Fail2Ban Plugin
RoundCube Fail2Ban Plugin is a small plugin that will display a failed login attempts in your syslog or userlogins log file. Using this information Fail2Ban will be able to block a user for a set amount of time. The best part, the block is happening at the IP level and blocks the IP address, not the user they are trying to log in as.
- Place this plugin folder into the RoundCube plugins directory (roundcube/plugins/)
- Confirm the folder is named “fail2ban” after unzipping or untaring the download.
- Add fail2ban to $rcmail_config[‘plugins’] in your RoundCube config (config/main.inc.php)
Note: When downloading this plugin via git (http://github.com/mattrude/rc-plugin-fail2ban) you will need to create a directory called fail2ban and place fail2ban.php in there, ignoring the root directory in the downloaded archive. You may also run ‘git clone git://github.com/mattrude/rc-plugin-fail2ban.git fail2ban’ from the plugins directory.
[roundcube] enabled = true port = http,https filter = roundcube action = iptables-multiport[name=roundcube, port="http,https"] logpath = /var/www/html/roundcube/logs/userlogins
Or oldschool used a configuration simmiler to:
[roundcube] # 0.3 and up plugin-support enabled = true port = http,https filter = roundcube action = iptables-multiport[name=roundcube, port="http,https"] sendmail-whois[name=RC-Webmail, firstname.lastname@example.org, sender=fail2ban] logpath = /srv/www/htdocs/webmail/logs/userlogins
[Definition] failregex = FAILED login for .*. from <HOST> ignoreregex =
If you require support, please post to the comments below.