My understanding of SquirrelMail is old (limited) because so many of my users 
prefer the RoundCube (I offer both)... You get 1 if you go to mail.domain and 
the other if you go to webmail.domain

In any case, I will have to look but I thought SM didn't write system logs when 
users failed on auth... perhaps there is a way to turn that on?
Also, I will want/need a similar solution for RC....

Thanks for sharing your config tho!


-----Original Message-----
From: CarlC Internet Services Service Desk [] 
Sent: Friday, December 29, 2017 11:53 AM
Subject: [qmailtoaster] Fail2ban for Squirrelmail.


I have it working showing the IP address:

In /etc/fail2ban/jail.conf:

# squirrelmail
enabled  = true
filter   = squirrelmail
action   = iptables[name=SquirrelMail, port=http, protocol=tcp]
           sendmail-squirrelmail[name=SquirrelMail,,] # adjust logpath with Squirrelmail's squirrel_logger 
plugin log logpath  = /var/log/squirrelmail.log maxretry = 5

-----Then in /etc/fail2ban/filter.d/squirrelmail.conf


failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password 

ignoreregex =


datepattern = ^%%m/%%d/%%Y %%H:%%M:%%S

# Author: Daniel Black

----For sendmail-squirrelmail in /etc/fail2ban/action.d, I copied 
sendmail-whois-lines.conf to sendmail-squirrelmail.conf and changed the very 
last line to:

# Path to the log files which contain relevant lines for the abuser IP # 
logpath = /var/log/squirrelmail.log

I hope this helps...

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to