2013-01-31 19:39:59 +00:00
# Fail2Ban configuration file for roundcube web server
#
2015-04-30 18:09:20 +00:00
# By default failed logins are printed to 'errors'. The first regex matches those
# The second regex matches those printed to 'userlogins'
# The userlogins log file can be enabled by setting $config['log_logins'] = true; in config.inc.php
2013-01-31 19:39:59 +00:00
#
2015-04-30 18:09:20 +00:00
# The logpath in your jail can be updated to userlogins if you wish
2013-01-31 19:39:59 +00:00
#
2013-07-09 16:48:12 +00:00
[INCLUDES]
before = common.conf
2013-01-31 19:39:59 +00:00
[Definition]
2015-05-11 16:40:10 +00:00
failregex = ^\s*(\[\])?(%(__hostname)s\s*(roundcube:)?\s*(<[\w]+>)? IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
^\[\]:\s*(<[\w]+>)? Failed login for [\w\-\.\+]+(@[\w\-\.\+]+\.[a-zA-Z]{2,6})? from <HOST> in session \w+( \(error: \d\))?$
2013-01-31 19:39:59 +00:00
ignoreregex =
2013-11-12 07:57:01 +00:00
# DEV Notes:
#
# Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180
#
# Part after <HOST> comes straight from IMAP server up until the " in ....."
# Earlier versions didn't log the IMAP response hence optional.
#
# DoS resistance:
#
# Assume that the user can inject "from <HOST>" into the imap response
2014-01-07 04:38:52 +00:00
# somehow. Write test cases around this to ensure that the combination of
# arbitrary user input and IMAP response doesn't inject the wrong IP for
2013-11-12 07:57:01 +00:00
# fail2ban
#
2015-04-30 18:09:20 +00:00
# Author: Teodor Micu & Yaroslav Halchenko & terence namusonge & Daniel Black & Lee Clemens