Basic Configuration
Postgres Backend
Postgres may be used to store roundcube data in a centralized location. This assumes that Postgresql is already configured, with an empty database for roundcube to use (see Creating A Database).
The roundcube DB schema is defined in the roundcube respository.
psql -U roundcube -f SQL/postgres.initial.sql roundcube
fail2ban Setup
Enable fail2ban for MTA and MDA services. Use Fail2Ban for the base fail2ban service setup.
Enable logging of sucessful user logins roundcube_log_logins
.
Roundcube Filters
Custom filter to match roundcube log messages in syslog, with roundcube operating behind a proxy.
# Fail2Ban configuration file for roundcube web server behind proxy.
[INCLUDES]
before = common.conf
[Definition]
prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*.*(<[\w]+>)? IMAP Error)?: <F-CONTENT>.+</F-CONTENT>$
failregex = ^(?:FAILED login|Login failed) for <F-USER>.*</F-USER> against .*X-Forwarded-For: <HOST>.*$
^(?:<[\w]+> )?Failed login for <F-USER>.*</F-USER> against .*X-Forwarded-For: <HOST> .*$
ignoreregex =
journalmatch = SYSLOG_IDENTIFIER=roundcube
Roundcube Jails
[mail-roundcube]
enabled = true
port = http,https
filter = mail-roundcube
logpath = /var/log/syslog
bantime = -1
findtime = 86400
maxretry = 3
Restart fail2ban.