On 12/09/11 14:44, Domenico Fortunato wrote:
You can configure fail2ban for Squirrelmail login attempts if you
install the squirrel_logger plugin into Squirrelmail.
Tune up the configuration files:
in my /etc/fail2ban/jail.conf
[squirrelmail-iptables]
enabled = true
filter = squirrelmail
action = iptables[name=SquirrelMail, port=http, protocol=tcp]
sendmail-whois[name=SquirrelMail,dest=root,
sender=fail2...@example.it]
logpath = /var/log/squirrelmail.log
maxretry = 5
Also, the squirrelmail.conf:
# Fail2Ban configuration file
#
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the
logfile. The
# host must be matched by a group named "host". The tag
"<HOST>" can
# be used for standard IP/hostname matching and is only an
alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[LOGIN_ERROR\].*from <HOST>: Utente sconosciuto o
password errata
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
*Warning:* the failregex value must match the line written in
squirrelmail.log (it's in italian language for me :-) )
For more info search for "squirrelmail fail2ban" in your preferred
search engine.
I hope it help.
Domenico Fortunato.
added to http://wiki.qmailtoaster.com/index.php/Fail2Ban
while tidying it up,
please check it again to make sure your rule is correctly written