# fail2ban with roundcube [SOLVED]

## asankaan

Hi,

I'm using roundcube 0.5.1 with fail2ban 0.8.4-r2 on a gentoo box.

I need to block brute force attacks on roundcube.

I added following to jail.conf

```

[roundcube]

enabled  = true

port     = https

filter   = roundcube

action   = iptables-multiport[name=Roundcube, port="https,443", protocol=tcp]

logpath  = /var/www/localhost/htdocs/roundcube/logs/errors

maxretry = 3

bantime = 3600

```

my filter.d / roundcube.conf

```

[Definition]

failregex = IMAP Error: Login failed for .* from <HOST>

ignoreregex =

```

I receive the following error when an authentication error occurs:

2011-03-09 13:00:50,933 fail2ban.filter : WARNING Unable to find a corresponding IP address for 192.168.1.10.

*192.168.1.10 is a host in my LAN.

Anyone have any idea where i've gone wrong?

Thanks in advance

AsankaLast edited by asankaan on Sat Mar 12, 2011 10:31 am; edited 1 time in total

----------

## M

I don't think you can do it like this. You actually want to stop brute force attacks against imap server, better configure or use predefined filter for your imap server, dovecot, courier etc. 

Edit: I see now, you don't have imap port visible from outside, only web app, so you want to block 443...

There was a similar thread, https://forums.gentoo.org/viewtopic-t-704833-start-0.html , also, you don't need multiport for https

----------

## asankaan

Hi,

Thanks for the reply.

Actually I've not exposed my IMAP server & only the https access is needs to be protected.

I could solve the problem by changing jail.conf to

```

[roundcube]

enabled  = true

port     = https

filter   = roundcube

action   = iptables[name=roundcube, port="https"]

logpath  = /var/www/localhost/htdocs/roundcube/logs/errors

bantime = 3600

maxretry = 5

```

& filters.d/roundcube.conf to

```

[Definition]

failregex = IMAP Error: Login failed for <HOST>

ignoreregex =

```

Thanks,

Asanka

----------

## asankaan

Hi,

Thanks for the reply.

Actually I've not exposed my IMAP server & only the https access is needs to be protected.

I could solve the problem by changing jail.conf to

```

[roundcube]

enabled  = true

port     = https

filter   = roundcube

action   = iptables[name=roundcube, port="https"]

logpath  = /var/www/localhost/htdocs/roundcube/logs/errors

bantime = 3600

maxretry = 5

```

& filters.d/roundcube.conf to

```

[Definition]

failregex = IMAP Error: Login failed for <HOST>

ignoreregex =

```

Thanks,

Asanka

----------

## asankaan

Hi,

Thanks for the reply.

Actually I've not exposed my IMAP server & only the https access is needs to be protected.

I could solve the problem by changing jail.conf to

```

[roundcube]

enabled  = true

port     = https

filter   = roundcube

action   = iptables[name=roundcube, port="https"]

logpath  = /var/www/localhost/htdocs/roundcube/logs/errors

bantime = 3600

maxretry = 5

```

& filters.d/roundcube.conf to

```

[Definition]

failregex = IMAP Error: Login failed for <HOST>

ignoreregex =

```

Thanks,

Asanka

----------

