mguessan / davmail

DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange and Office 365 Gateway - Synced with main subversion repository at
http://davmail.sourceforge.net
GNU General Public License v2.0

Include client IP address in authentication failure logs #43

Open nemequ opened 5 years ago

nemequ commented 5 years ago

I'd like to set up fail2ban to work with davmail, but it looks like the log doesn't include the client IP address for "Authentication failed" messages.

Even discounting fail2ban's needs, I think this would be good information to include in the log.

mguessan commented 5 years ago

The client IP address is available with davmail.connection log statements.

nemequ commented 5 years ago

Is that a different file than the one that davmail.logFilePath points to? I don't see any other logging files in the davmail.properties distributed with the RPM, and the IP address isn't included in that log.

mguessan commented 5 years ago

By default, connection log statements are stored in davmail.log; look for lines with davmail.connection.

You can also create a separate logging file by adding the following lines in log4j.properties:

log4j.logger.davmail.connection=DEBUG, ConnectionAppender

log4j.appender.ConnectionAppender=org.apache.log4j.FileAppender
log4j.appender.ConnectionAppender.file=davmailconnection.log
log4j.appender.ConnectionAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.ConnectionAppender.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c %x - %m%n

nemequ commented 5 years ago

I'm not sure where log4j.properties is supposed to go; find / -name log4j.properties doesn't show any hits. Those also look like the logging lines in davmail.properties, but adding them there doesn't seem to do any good.

I did manage to get davmail to generate the data I needed by changing log4j.logger.davmail from WARN (the default, at least for the RPMs) to INFO. I really think it should be enabled by default, maybe logging to a separate file (preferably without backtraces for warnings), but that's just my opinion.

Now that I'm getting the data I need I was also able to get fail2ban working. I created an /etc/fail2ban/filter.d/davmail.conf with the following contents:

[INCLUDES]

before = common.conf

[Definition]

failregex = ^ INFO  \[.+\] davmail\.connection +\- FAILED \- <HOST>\:[0-9]+ (.+)$

ignoreregex =

Then added this to my /etc/fail2ban/jail.local:

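# Jail section header (name assumed; it must match filter.d/davmail.conf unless filter = is set)
[davmail]
port    = 1080,1143,1389,1110,1025
logpath = /var/log/davmail.log
enabled = true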

You may need to tweak the ports to match the ports davmail is listening on. I've only tested with IMAP failures so far.

I'll leave the issue open for the question of enabling the necessary logs by default.
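Added example, not part of the thread or of DavMail or fail2ban: a Python check of the failregex above against constructed log lines in the `%d{ISO8601} %-5p [%t] %c %x - %m%n` layout. The timestamp stripping, the IPv4-only `<HOST>` substitution, the function names and the sample lines (thread names, the LOGON line, addresses, users) are assumptions standing in for what fail2ban does itself.

```python
import re
from collections import Counter

# failregex copied verbatim from the filter in the comment above
FAILREGEX = r"^ INFO  \[.+\] davmail\.connection +\- FAILED \- <HOST>\:[0-9]+ (.+)$"

# Simplified stand-ins for fail2ban internals (assumptions): <HOST> becomes an
# IPv4 capture, and the leading ISO8601 timestamp is removed before matching,
# which is why the failregex starts with "^ INFO".
HOST_IPV4 = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}")

# Constructed sample lines; documentation-range addresses, invented users
SAMPLE_LOG = [
    "2019-03-02 10:15:01,120 WARN  [ImapConnection-50123] davmail  - Authentication failed",
    "2019-03-02 10:15:01,123 INFO  [ImapConnection-50123] davmail.connection  - FAILED - 203.0.113.7:50123 alice@example.com",
    "2019-03-02 10:15:04,410 INFO  [ImapConnection-50124] davmail.connection  - LOGON - 198.51.100.4:50124 bob@example.com",
    "2019-03-02 10:15:09,877 INFO  [ImapConnection-50131] davmail.connection  - FAILED - 203.0.113.7:50131 alice@example.com",
    "not a log line at all",
]


def failed_hosts(lines, failregex=FAILREGEX):
    """Return the client address of every line the failregex would flag."""
    rx = re.compile(failregex.replace("<HOST>", HOST_IPV4))
    hosts = []
    for line in lines:
        rest, stripped = TIMESTAMP.subn("", line.rstrip("\n"), count=1)
        if not stripped:
            continue  # no timestamp found, so the line is skipped here
        match = rx.search(rest)
        if match:
            hosts.append(match.group("host"))
    return hosts


def hosts_over_limit(lines, maxretry):
    """Addresses with at least maxretry flagged lines (maxretry is a jail setting)."""
    counts = Counter(failed_hosts(lines))
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    print(failed_hosts(SAMPLE_LOG))
    print(hosts_over_limit(SAMPLE_LOG, maxretry=2))
    # With the logger at WARN, only WARN lines are written and nothing matches
    print(failed_hosts([l for l in SAMPLE_LOG if " WARN " in l]))
```
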

mguessan commented 5 years ago

Thanks for your feedback and sorry for the lack of details in my answer.

The log4j.properties is located inside davmail.jar. In order to override the default config, you can either replace log4j.properties with jar uvf, or create a new log4j.properties in a separate directory and add this directory to the Java classpath before davmail.jar.

nemequ commented 5 years ago

Ah, that explains it nicely, thank you.

Sorry, I avoid Java whenever possible; I'm afraid my Java knowledge has largely atrophied.

mguessan commented 4 years ago

We should make this easier to use by creating a new dedicated setting to set the connection log path and create the log4j config accordingly.