Hi,
when you set the parameter 'log_logins' to true in your Roundcube
configuration file, Roundcube logs failed logins to
<roundcubemail_installation_dir>/logs/userlogins.
See
https://github.com/roundcube/roundcubemail/blob/1.0.5/config/defaults.inc.php#L83-84
For me to get fail2ban catch failed logins with newer versions of
Roundcube, I had to update the filter in
/etc/fail2ban/filter.d/roundcube-auth.conf too:
#failregex = ^\s*(\[(\s[+-][0-9]{4})?\])?(%(__hostname)s roundcube:
IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in
.*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
failregex = Failed login for .*? from <HOST>
Regards,
Ralph
2015-04-30 20:10 GMT+02:00 Lee Clemens <[email protected]>:
> Hi All,
>
> I was hoping for some feedback regarding the roundcube-auth jail.
>
> It currently uses logpath = /var/log/roundcube/userlogins
>
> The only reference I can find to this log file is from the instructions
> to install the fail2ban plugin for roundcube from 2009.
>
> I'm using 1.0.5 (CentOS 6) now (1.1.1 is latest) and login errors are
> logged to /var/log/roundcubemail/errors. I assume at some point log in
> failures were not logged at all, creating the need for the fail2ban
> plugin...which seems no longer necessary.
>
> I'd like to change the default logpath for this jail from the one
> referenced by a very old and seemingly no longer necessary plugin to
> that of roundcube itself (/var/log/roundcubemail/errors), but wanted
> some feedback first (particularly from people on other platforms).
>
> Thanks,
> Lee Clemens
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
