[Fail2ban] Added more regex to match failed or disallowed logins to Dovecot, changed Mailcow to mailcow

This commit is contained in:
andryyy 2017-07-02 11:10:35 +02:00
parent cf594fbabd
commit b7cb4ac9d5
3 changed files with 7 additions and 4 deletions

View File

@ -40,8 +40,11 @@ RULES[php_fpm_container] = {}
RULES[postfix_container][1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .* authentication failed'
RULES[dovecot_container][1] = '-login: Disconnected \(auth failed, .*\): user=.*, method=.*, rip=([0-9a-f\.:]+),'
RULES[dovecot_container][2] = '-login: Disconnected \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[dovecot_container][3] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[dovecot_container][4] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[sogo_container][1] = 'SOGo.* Login from \'([0-9a-f\.:]+)\' for user .* might not have worked'
RULES[php_fpm_container][1] = 'Mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)'
RULES[php_fpm_container][1] = 'mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)'
r.setnx("F2B_BAN_TIME", "1800")

View File

@ -229,11 +229,11 @@ function check_login($user, $pass) {
}
if (!isset($_SESSION['ldelay'])) {
$_SESSION['ldelay'] = "0";
error_log("Mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
}
elseif (!isset($_SESSION['mailcow_cc_username'])) {
$_SESSION['ldelay'] = $_SESSION['ldelay']+0.5;
error_log("Mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
}
sleep($_SESSION['ldelay']);
}

View File

@ -319,7 +319,7 @@ services:
- acme
fail2ban-mailcow:
image: mailcow/fail2ban:1.5
image: mailcow/fail2ban:1.4
build: ./data/Dockerfiles/fail2ban
depends_on:
- dovecot-mailcow