[Fwd: Re: CentOS + Kolab + Fail2Ban + IMAP]

Lars l.kolab.org at with.de
Thu May 10 19:39:54 CEST 2018


Hi ladas,

look at

/var/log/roundcubemail/userlogins

I get something like

[15-Mar-2018 13:20:31,062769 +0100]: <vtn5nchc> Failed login for ... 
from 91.109.28.144 in session vtn5nchcuuphqc2nlnu3koom66 (error: 0)

HTH
Lars

Am 07.05.2018 um 11:39 schrieb ladas:
>> Hi Mihai.
>>
>> Unfortunately not. Since last update I can see in roundcube logs only
>> https access into Roundcube web interface. Not more :(
>>
>> ladas
>>
>> Mihai Badici píše v Po 07. 05. 2018 v 11:39 +0300:
>>> This should be in apache's log or better in roundcube if failed
>>> logins are logged but probably you will need to adjust the filters
>>>
>>> On 05/07/2018 11:23 AM, ladas wrote:
>>>> Good morning to everyone in user list.
>>>>
>>>> Has someone any experience how to detect bad login IP address at
>>>> IMAP protocol? At maillog I can see only 127.0.0.1 IP address, at
>>>> guam logs is nothing :( At windows I can use Outlook with
>>>> ActiveSync where source IP is logged but at linux with Evolution
>>>> or Kontact client I can use just IMAP protocol. Unfortunately I
>>>> did not find "attacker" source IP address + imap bad login notice
>>>> at any log :(
>>>> Thank you for any ideas.
>>>>
>>>> Greetings,
>>>> ladas
>>>>
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> users at lists.kolab.org
>>>> https://lists.kolab.org/mailman/listinfo/users
>>>   
>>> _______________________________________________
>>> users mailing list
>>> users at lists.kolab.org
>>> https://lists.kolab.org/mailman/listinfo/users
>>>
>>>
>>> _______________________________________________
>>> users mailing list
>>> users at lists.kolab.org
>>> https://lists.kolab.org/mailman/listinfo/users


More information about the users mailing list