My understanding of SquirrelMail is old (limited) because so many of my users prefer the RoundCube (I offer both)... You get 1 if you go to mail.domain and the other if you go to webmail.domain
In any case, I will have to look but I thought SM didn't write system logs when users failed on auth... perhaps there is a way to turn that on? Also, I will want/need a similar solution for RC.... Thanks for sharing your config tho! Dan -----Original Message----- From: CarlC Internet Services Service Desk [mailto:ab...@carlc.com] Sent: Friday, December 29, 2017 11:53 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Fail2ban for Squirrelmail. Dan, I have it working showing the IP address: In /etc/fail2ban/jail.conf: # squirrelmail [squirrelmail-iptables] enabled = true filter = squirrelmail action = iptables[name=SquirrelMail, port=http, protocol=tcp] sendmail-squirrelmail[name=SquirrelMail,dest=ab...@carlc.com, sender=ab...@carlc.com] # adjust logpath with Squirrelmail's squirrel_logger plugin log logpath = /var/log/squirrelmail.log maxretry = 5 -----Then in /etc/fail2ban/filter.d/squirrelmail.conf [Definition] failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect\.$ ignoreregex = [Init] datepattern = ^%%m/%%d/%%Y %%H:%%M:%%S # DEV NOTES: # # Author: Daniel Black ----For sendmail-squirrelmail in /etc/fail2ban/action.d, I copied sendmail-whois-lines.conf to sendmail-squirrelmail.conf and changed the very last line to: # Path to the log files which contain relevant lines for the abuser IP # logpath = /var/log/squirrelmail.log I hope this helps... Carl --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com