Resneptacle
/
roundcube-mailcow-dockerized-fail2ban
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7c7cad7864'
${ noResults }
roundcube-mailcow-dockerize.../README.md

2.9 KiB
Raw Blame History

Roundcube Mailcow Fail2Ban Plugin

This is a small Roundcube plugin for Mailcow-Dockerized environments, which integrates failed logins from Roundcube into Mailcows' Fail2Ban filter.
It writes an error message to the PHP-FPM log and the Fail2Ban Redis channel upon a failed login at the Roudncube web UI.
Both IPv4 and IPv6 are supported if your Mailcow is set up to use either or both.

Installation

To install this plugin, you first need to download the plugin files into the right directory.
The following commands assume that your Mailcows' docker-compose.yml is located at /opt/mailcow-dockerized and within that the directory data/web/rc containing your Roundcube installation.
Adjust this path if necessary.

wget -O /tmp/mailcow-f2b.tar.gz https://git.diskcat.com/Resneptacle/roundcube-mailcow-dockerized-fail2ban/archive/v1.0.tar.gz
tar -xvf /tmp/mailcow-f2b.tar.gz -C /tmp
mv /tmp/roundcube-mailcow-dockerized-fail2ban/mailcow_f2b /opt/mailcow-dockerized/data/web/rc/plugins
rm -r /tmp/mailcow-f2b.tar.gz /tmp/roundcube-mailcow-dockerized-fail2ban

After this, you need to enable the plugin, see below.

Plugin Configuration

To enable the plugin, after you installed it into your Roundcube plugin directory, add mailcow_f2b to the enabled plugins list in the Roundcube config.inc.php, which should be located at /opt/mailcow-dockerized/data/web/rc/config/config.inc.php following the above paths.
If you need to overwrite the default Redis connection data (Host redis-mailcow, Port 6379), add the following configuration variables to your config.inc.php:

$config['mailcow_f2b_redis_host'] = "redis-mailcow";
$config['mailcow_f2b_redis_port'] = 6379;

The config.inc.php.example file in this directory shows where to add the mailcow_f2b plugin, in case you are unsure.

Mailcow Configuration

For Mailcow to react to failed Roundcube logins, you need to add a custom Regex filter in the Mailcow Admin Panel.
For that, navigate to System -> Configuration -> Options -> Fail2ban parameters, scroll down to [+] Regex filters and click on it.
This will open a list of predefined regex filters that Fail2Ban looks for. Click on Add row and paste the following text into the newly added row:

roundcube: failed login from ([a-fA-F0-9:\.]+)

Remember to hit Save changes too!
Afterwards, Fail2Ban should start blocking IP addresses that generate failed login attemps above the thresholds set at the top of the Fail2Ban configuration page.
For more general information on Mailcows' Fail2Ban integration, see here.

Credits

This project is inspired by a standalone Fail2Ban plugin for Roundcube made by @mattrude over on GitHub.