Basic Configuration

Postgres Backend

Postgres may be used to store roundcube data in a centralized location. This assumes that Postgresql is already configured, with an empty database for roundcube to use (see Creating A Database).

The roundcube DB schema is defined in the roundcube respository.

Import the Roundcube DB schema.

psql -U roundcube -f SQL/postgres.initial.sql roundcube

fail2ban Setup

Enable fail2ban for MTA and MDA services. Use Fail2Ban for the base fail2ban service setup.

Enable logging of sucessful user logins roundcube_log_logins.

Roundcube Filters

Custom filter to match roundcube log messages in syslog, with roundcube operating behind a proxy.

0644 root root /data/filter.d/mail-roundcube.conf

# Fail2Ban configuration file for roundcube web server behind proxy.

[INCLUDES]

before = common.conf

[Definition]

prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*.*(<[\w]+>)? IMAP Error)?: <F-CONTENT>.+</F-CONTENT>$

failregex = ^(?:FAILED login|Login failed) for <F-USER>.*</F-USER> against .*X-Forwarded-For: <HOST>.*$
            ^(?:<[\w]+> )?Failed login for <F-USER>.*</F-USER> against .*X-Forwarded-For: <HOST> .*$

ignoreregex =

journalmatch = SYSLOG_IDENTIFIER=roundcube

Roundcube Jails

0644 root root /data/jail.d/roundcube.conf

[mail-roundcube]
enabled  = true
port     = http,https
filter   = mail-roundcube
logpath  = /var/log/syslog
bantime  = -1
findtime = 86400
maxretry = 3

Restart fail2ban.