RoundCube Fail2Ban Plugin

RoundCube Fail2Ban Plugin is a small plugin that will display a failed login attempts in your syslog or userlogins log file. Using this information Fail2Ban will be able to block a user for a set amount of time.  The best part, the block is happening at the IP level and blocks the IP address, not the user they are trying to log in as.


  • tgz | zip | git – Version: 1.3 (2015-Sept-28)
  • tgz | zip | git – Version: 1.2 (2014-Jul-26)
  • tgz | zip | git – Version: 1.1 (2011-Jun-19)
  • tgz | zip | git – Version: 1.0 (2009-Jul-09)


  • Place this plugin folder into the RoundCube plugins directory (roundcube/plugins/)
  • Confirm the folder is named “fail2ban” after unzipping or untaring the download.
  • Add fail2ban to $rcmail_config[‘plugins’] in your RoundCube config (config/

Note: When downloading this plugin via git ( you will need to create a directory called fail2ban and place fail2ban.php in there, ignoring the root directory in the downloaded archive.  You may also run ‘git clone git:// fail2ban’ from the plugins directory.

Fail2Ban Setup


enabled  = true
port     = http,https
filter   = roundcube
action   = iptables-multiport[name=roundcube, port="http,https"]
logpath  = /var/www/html/roundcube/logs/userlogins

Or oldschool used a configuration simmiler to:

# 0.3 and up plugin-support

enabled  = true
port     = http,https
filter   = roundcube
action   = iptables-multiport[name=roundcube, port="http,https"]
sendmail-whois[name=RC-Webmail, [email protected], sender=fail2ban]
logpath  = /srv/www/htdocs/webmail/logs/userlogins


failregex = FAILED login for .*. from <HOST>
ignoreregex =


If you require support, please post to the comments below.

53 thoughts on “RoundCube Fail2Ban Plugin

    • Hey,

      thanks for your nice blog entry.

      I am using kolab v3.0 and roundcube is already logging to “/var/log/roundcubemail/userlogins”. Your filter should work. I added the roundcube jail and filter entry and set it to watch the logging file. Your filter should work by default.

  1. Hi, im trying this out,
    my login failure writes to the file, put is there any failure in my regex?

    [22-Feb-2014 19:51:28 +0100]: FAILED login for from

    failregex = FAILED login for .*. from
    ignoreregex =

    • Then add the line

      ignoreip = [office ip address] to the fail2ban/jail.conf: entry;

      enabled = true
      port = http,https
      filter = roundcube
      action = iptables-multiport[name=roundcube, port=”http,https”]
      logpath = /var/www/html/roundcube/logs/userlogins
      Ignoreip = 123.456.789.0/24

  2. Hi, I put this entry in jail.local and created the roundcube filter in filter.d and it’s crashing fail2ban..

    I’m using Debian Wheezy and everything is up to date.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.