# Roundcube Mailcow Fail2Ban Plugin #

This is a small Roundcube plugin for [Mailcow-Dockerized](https://github.com/mailcow/mailcow-dockerized) environments, which integrates failed logins from Roundcube into Mailcows' Fail2Ban filter.  
It writes an error message to the PHP-FPM log and the Fail2Ban Redis channel upon a failed login at the Roudncube web UI.  
Both IPv4 and IPv6 are supported if your Mailcow is set up to use either or both.

## Installation ##

To install this plugin, you first need to download the plugin files into the right directory.  
The following commands assume that your Mailcows' `docker-compose.yml` is located at `/opt/mailcow-dockerized`
and within that the directory `data/web/rc` containing your Roundcube installation.  
Adjust this path if necessary.  

```
wget -O /tmp/mailcow-f2b.tar.gz https://git.diskcat.com/Resneptacle/roundcube-mailcow-dockerized-fail2ban/archive/v1.0.tar.gz
tar -xvf /tmp/mailcow-f2b.tar.gz -C /tmp
mv /tmp/roundcube-mailcow-dockerized-fail2ban/mailcow_f2b /opt/mailcow-dockerized/data/web/rc/plugins
rm -r /tmp/mailcow-f2b.tar.gz /tmp/roundcube-mailcow-dockerized-fail2ban
```

After this, you need to enable the plugin, see below.

## Plugin Configuration ##

To enable the plugin, after you installed it into your Roundcube `plugin` directory, add `mailcow_f2b` to the enabled plugins list in the Roundcube `config.inc.php`,
which should be located at `/opt/mailcow-dockerized/data/web/rc/config/config.inc.php` following the above paths.  
If you need to overwrite the default Redis connection data (Host `redis-mailcow`, Port `6379`), add the following configuration variables to your `config.inc.php`:

```
$config['mailcow_f2b_redis_host'] = "redis-mailcow";
$config['mailcow_f2b_redis_port'] = 6379;
```

The `config.inc.php.example` file in this directory shows where to add the `mailcow_f2b` plugin, in case you are unsure.

## Mailcow Configuration ##

For Mailcow to react to failed Roundcube logins, you need to add a custom Regex filter in the Mailcow Admin Panel.  
For that, navigate to `System -> Configuration -> Options -> Fail2ban parameters`, scroll down to `[+] Regex filters` and click on it.  
This will open a list of predefined regex filters that Fail2Ban looks for. Click on `Add row` and paste the following text into the newly added row:

```
roundcube: failed login from ([a-fA-F0-9:\.]+)
```

Remember to hit `Save changes` too!  
Afterwards, Fail2Ban should start blocking IP addresses that generate failed login attemps above the thresholds set at the top of the Fail2Ban configuration page.  
For more general information on Mailcows' Fail2Ban integration, [see here](https://docs.mailcow.email/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/).

## Credits ##

This project is inspired by a [standalone Fail2Ban plugin for Roundcube](https://github.com/mattrude/rc-plugin-fail2ban) made by [@mattrude](https://github.com/mattrude) over on GitHub.