I'm having a problem getting fail2ban working with SOGo (2.0.7 on
Debian wheezy). There was a thread about this a while ago saying that
2.0.5 had fixed some logging of SOGo for fail2ban to work -- I'm using
2.0.7, so I think this is a different issue.

When I use the webmail interface to SOGo and type in the wrong
username/password, the log file shows:
Aug 21 22:40:04 sogod [13156]: SOGoRootPage Login from '127.0.0.1' for
user 'asdf' might not have worked - password policy: 65535 grace: -1
expire: -1 bound: 0
The problem is the "Login from 127.0.0.1" -- for fail2ban, it needs the
IP of the user connecting, not the localhost IP. But since SOGo is
accessed via the local web server and not directly via the client, I'm not
sure how SOGo can get the IP address. Does this normally work for other
people, or am I missing something in how fail2ban gets the information
it needs? Or is there a trick to looking at the nginx/apache logs?

I don't think this is relevant, but I have configured SOGo to go through
an imapproxy running on localhost.

Also, does SOGo log login failures over the CalDAV / CardDAV interface,
or just the direct webmail login?
Thanks!
Ben
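
The situation described in the message above, as an added example that is not part of the original post and is not fail2ban's or SOGo's own code: it counts SOGo login failures per source address and separates the ones a ban could act on from the ones that only show the local web server's loopback address. The regex, the `max_retry` threshold, the helper names and every sample line except the one quoted in the post are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Pattern written for this example from the log line quoted in the post;
# it is not the filter shipped with fail2ban.
FAIL_RE = re.compile(
    r"sogod \[\d+\]: SOGoRootPage Login from '(?P<host>[^']+)' "
    r"for user '(?P<user>[^']*)' might not have worked"
)

def parse_failure(line):
    """Return (ip, user) for a SOGo login-failure line, else None."""
    m = FAIL_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("host"))
    except ValueError:
        return None
    return ip, m.group("user")

def bannable_hosts(lines, max_retry=3):
    """Return (bannable, masked): sources at or over max_retry failures."""
    counts = Counter(p[0] for p in map(parse_failure, lines) if p)
    bannable, masked = {}, {}
    for ip, n in counts.items():
        if n < max_retry:
            continue
        # A loopback source means the request came through the local web
        # server, so the real client address never reached this log.
        (masked if ip.is_loopback else bannable)[str(ip)] = n
    return bannable, masked

def _line(host, user):
    # Same shape as the line quoted in the post, joined onto one line.
    return (f"Aug 21 22:40:04 sogod [13156]: SOGoRootPage Login from '{host}' "
            f"for user '{user}' might not have worked - password policy: "
            "65535 grace: -1 expire: -1 bound: 0")

# Constructed sample; 203.0.113.7 and 198.51.100.9 are documentation addresses.
SAMPLE = (
    [_line("127.0.0.1", u) for u in ("asdf", "bob", "carol")]
    + [_line("203.0.113.7", "asdf")] * 3
    + [_line("198.51.100.9", "dave"), "Aug 21 22:41:00 sogod [13156]: unrelated"]
)

if __name__ == "__main__":
    print(bannable_hosts(SAMPLE))
```

Every proxied failure lands in the `masked` bucket under 127.0.0.1 regardless of who sent it, which is why a ban keyed on that log field cannot single out one client.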