Open jlauzer11 opened 4 years ago
Just a guess: the timestamp is missing.
; Enable auth logging in a separate file (for fail2ban) auth_logging = Off auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt" auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
Timestamp is indeed missing. Also, on my system (Ubuntu 18.04), I had to add a static "+0000" UTC offset value to the logging format before fail2ban would parse it. Rainloop as of 1.14.0 only prints timestamps without any offset in its logs, so unless your system is running in the UTC/GMT time zone, you may need this anyway.
grep "auth_logging_format" /var/www/rainloop/data/data/default/configs/application.ini
auth_logging_format = "[{date:Y-m-d H:i:s} +0000] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
tail -n1 /var/www/rainloop/data/data/default/logs/fail2ban/auth.log
[2020-06-15 13:36:04 +0000] Auth failed: ip=1.2.3.4 user=testfail host=domain.com port=imap
grep "1\.2\.3\.4" /var/log/fail2ban.log
2020-06-15 15:36:05,042 fail2ban.filter [684]: INFO [rainloop] Found 1.2.3.4 - 2020-06-15 15:36:04
Hi All,
I have Fail2ban working with Dovecot, SSH, Apache, and Postfix. I'm not able to get this to work with Rainloop. It looks like everything is correct, it just does not block after the max attempts. Here are my settings:
sudo nano /var/www/html/webmail/data/data/default/configs/application.ini
sudo nano /etc/fail2ban/filter.d/rainloop.conf
sudo nano /etc/fail2ban/jail.local
sudo nano /var/www/html/webmail/data/data/default/logs/fail2ban/auth.log
sudo fail2ban-client -i
Any thoughts on what might be wrong in my configuration?