Snep
9c3f31a45a
|
4 weeks ago | |
---|---|---|
mailcow_f2b | 4 weeks ago | |
LICENSE | 4 weeks ago | |
README.md | 4 weeks ago | |
config.inc.php.example | 4 weeks ago |
README.md
Roundcube Mailcow Fail2Ban Plugin
This is a small Roundcube plugin for Mailcow-Dockerized environments, which integrates failed logins from Roundcube into Mailcows' Fail2Ban filter.
It writes an error message to the PHP-FPM log and the Fail2Ban Redis channel upon a failed login at the Roudncube web UI.
Both IPv4 and IPv6 are supported if your Mailcow is set up to use either or both.
Installation
To install this plugin, you first need to download the plugin files into the right directory.
The following commands assume that your Mailcows' docker-compose.yml
is located at /opt/mailcow-dockerized
and within that the directory data/web/rc
containing your Roundcube installation.
Adjust this path if necessary.
wget -O /tmp/mailcow-f2b.tar.gz https://git.diskcat.com/Resneptacle/roundcube-mailcow-dockerized-fail2ban/archive/v1.0.tar.gz
tar -xvf /tmp/mailcow-f2b.tar.gz -C /tmp
mv /tmp/roundcube-mailcow-dockerized-fail2ban/mailcow_f2b /opt/mailcow-dockerized/data/web/rc/plugins
rm -r /tmp/mailcow-f2b.tar.gz /tmp/roundcube-mailcow-dockerized-fail2ban
After this, you need to enable the plugin, see below.
Plugin Configuration
To enable the plugin, after you installed it into your Roundcube plugin
directory, add mailcow_f2b
to the enabled plugins list in the Roundcube config.inc.php
,
which should be located at /opt/mailcow-dockerized/data/web/rc/config/config.inc.php
following the above paths.
If you need to overwrite the default Redis connection data (Host redis-mailcow
, Port 6379
), add the following configuration variables to your config.inc.php
:
$config['mailcow_f2b_redis_host'] = "redis-mailcow";
$config['mailcow_f2b_redis_port'] = 6379;
The config.inc.php.example
file in this directory shows where to add the mailcow_f2b
plugin, in case you are unsure.
Mailcow Configuration
For Mailcow to react to failed Roundcube logins, you need to add a custom Regex filter in the Mailcow Admin Panel.
For that, navigate to System -> Configuration -> Options -> Fail2ban parameters
, scroll down to [+] Regex filters
and click on it.
This will open a list of predefined regex filters that Fail2Ban looks for. Click on Add row
and paste the following text into the newly added row:
roundcube: failed login from ([a-fA-F0-9:\.]+)
Remember to hit Save changes
too!
Afterwards, Fail2Ban should start blocking IP addresses that generate failed login attemps above the thresholds set at the top of the Fail2Ban configuration page.
For more general information on Mailcows' Fail2Ban integration, see here.
Credits
This project is inspired by a standalone Fail2Ban plugin for Roundcube made by @mattrude over on GitHub.