I wonder if one could user the webserver authentication and pass it to SOGo or roundcube. Than fail2ban will catch the ip from the http log.
SC From: Sebastián Meyer Sent: Tuesday, April 24, 9:51 AM Subject: [SOGo] webmail login attacks - captcha? To: users@sogo.nu Hi, I have a couple of compromissed webmail accounts, passwords wheren't easy to guess. I'd like to add an increasing delay for failed logins and a captcha, is it possible? For IMAP and SMTP access I use fail2ban, but using it for for webmail access DoS attacks would be unacceptable frequently, all logins are from localhost (127.0.0.1) TIA, -- Seb -- users@sogo.nu https://inverse.ca/sogo/lists -- users@sogo.nu https://inverse.ca/sogo/lists