[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kolab-users
Subject:    Re: [Fwd: Re: CentOS + Kolab + Fail2Ban + IMAP]
From:       "L.Slanina" <ladas () seznam ! cz>
Date:       2018-05-14 21:09:59
Message-ID: 1526332199.16339.19.camel () seznam ! cz
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi everybody.
Sorry for late answer, I was outside of my office.
Thank you Franz for advice. At the beginning it seems complicated, but
at the end copy/paste and a bit modifications and it works! I found
correct IPs' at maillog so it works with fail2ban too which was my
target. Thank you very much for help.
Greetings, ladas
Skale, Franz píše v Pá 11. 05. 2018 v 11:00 +0200:
> Hi,
> Therefore i disabled guam and have written my own fail2ban rules  
> (Postfix, cyrus, roundcube).
> Also, the current guam version isn't stable. I posted a strace some
> time  
> ago. (Orphaned threads).
> It's quite easy to disable guam !
> Disable the service (systemctl disable guam.service).
> Change /etc/cyrus.conf to bind to the relevant ports. (disabling
> guam).
> E.g:
> # UNIX sockets start with a slash and are put into
> /var/lib/imap/sockets
> SERVICES {
>           # add or remove based on preferences
>           imap                cmd="imapd" listen="hostname.domain.com:imap"
> prefork=10
>           imaps                cmd="imapd -s -T 660"  
> listen="hostname.domain.com:imaps" prefork=10
>           pop3                cmd="pop3d" listen="hostname.domain.com:pop3"
> prefork=5
>           pop3s                cmd="pop3d -s -T 660"  
> listen="hostname.domain.com:pop3s" prefork=5
>           sieve                cmd="timsieved" listen="hostname.domain.com:sieve"  
> prefork=0
> 
>           imaplocal                cmd="imapd" listen="localhost:imap" prefork=10
>           imapslocal                cmd="imapd -s -T 660"
> listen="localhost:imaps"  
> prefork=10
>           pop3local                cmd="pop3d" listen="localhost:pop3" prefork=5
>           pop3slocal                cmd="pop3d -s -T 660"
> listen="localhost:pop3s"  
> prefork=5
>           sievelocal                cmd="timsieved" listen="localhost:sieve"
> prefork=0
> 
>           ptloader        cmd="ptloader -d9"  
> listen="/var/lib/imap/ptclient/ptsock" prefork=1
> 
>           # these are only necessary if receiving/exporting usenet via
> NNTP
>           #nntp                cmd="nntpd" listen="nntp" prefork=3
>           #nntps                cmd="nntpd -s" listen="nntps" prefork=1
> 
>           # at least one LMTP is required for delivery
>           #lmtp                cmd="lmtpd" listen="lmtp" prefork=0
>           lmtpunix        cmd="lmtpd" listen="/var/lib/imap/socket/lmtp"
> prefork=1
> 
>           # this is only necessary if using notifications
>           notify        cmd="notifyd" listen="/var/lib/imap/socket/notify"  
> proto="udp" prefork=1
> }
> 
> Rgds.
> Franz
> 
> 
> Am 2018-05-10 21:00, schrieb ladas:
> > 
> > Hi everybody.
> > 
> > Yes, that is the problem. I can see that some user try to log in
> > with
> > no success, but IP address is localhost 172.0.0.1 And this is not
> > possible to use for fail2ban. I need to get correct source IP
> > address
> > of the client to be possible to use it in a firewall rule.
> > 
> > Greetings,
> > ladas
> > 
> > Aleksander Machniak píše v Čt 10. 05. 2018 v 20:21 +0200:
> > 
> > > 
> > > On 05/10/2018 08:12 PM, Mihai Badici wrote:
> > > > 
> > > > If not, you should set $config['log_logins'] = true; in
> > > > /etc/roundcubemail/config.inc.php
> > > The question was about IMAP. What webmail does is irrelevant. ps.
> > > I
> > > don't know if Guam implements any options to log the IP or pass
> > > the
> > > real IP to cyrus.
> > _______________________________________________
> > users mailing list
> > users@lists.kolab.org
> > https://lists.kolab.org/mailman/listinfo/users
> _______________________________________________
> users mailing list
> users@lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
[Attachment #5 (text/html)]

<html><head></head><body><div>Hi everybody.</div><div><br></div><div>Sorry for late \
answer, I was outside of my office.</div><div>Thank you Franz for advice. At the \
beginning it seems complicated, but at the end copy/paste and a bit modifications and \
it works! I found correct IPs' at maillog so it works with fail2ban too which was my \
target. Thank you very much for help.</div><div><br></div><div>Greetings, \
ladas</div><div><br></div><div>Skale, Franz píše v Pá 11. 05. 2018 v 11:00 \
+0200:</div><blockquote type="cite"><pre>Hi, Therefore i disabled guam and have \
written my own fail2ban rules  (Postfix, cyrus, roundcube).
Also, the current guam version isn't stable. I posted a strace some time 
ago. (Orphaned threads).
It's quite easy to disable guam !
Disable the service (systemctl disable guam.service).
Change /etc/cyrus.conf to bind to the relevant ports. (disabling guam).
E.g:
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
     # add or remove based on preferences
     imap        cmd="imapd" listen="hostname.domain.com:imap" prefork=10
     imaps        cmd="imapd -s -T 660" 
listen="hostname.domain.com:imaps" prefork=10
     pop3        cmd="pop3d" listen="hostname.domain.com:pop3" prefork=5
     pop3s        cmd="pop3d -s -T 660" 
listen="hostname.domain.com:pop3s" prefork=5
     sieve        cmd="timsieved" listen="hostname.domain.com:sieve" 
prefork=0

     imaplocal        cmd="imapd" listen="localhost:imap" prefork=10
     imapslocal        cmd="imapd -s -T 660" listen="localhost:imaps" 
prefork=10
     pop3local        cmd="pop3d" listen="localhost:pop3" prefork=5
     pop3slocal        cmd="pop3d -s -T 660" listen="localhost:pop3s" 
prefork=5
     sievelocal        cmd="timsieved" listen="localhost:sieve" prefork=0

     ptloader    cmd="ptloader -d9" 
listen="/var/lib/imap/ptclient/ptsock" prefork=1

     # these are only necessary if receiving/exporting usenet via NNTP
     #nntp        cmd="nntpd" listen="nntp" prefork=3
     #nntps        cmd="nntpd -s" listen="nntps" prefork=1

     # at least one LMTP is required for delivery
     #lmtp        cmd="lmtpd" listen="lmtp" prefork=0
     lmtpunix    cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

     # this is only necessary if using notifications
     notify    cmd="notifyd" listen="/var/lib/imap/socket/notify" 
proto="udp" prefork=1
}

Rgds.
Franz


Am 2018-05-10 21:00, schrieb ladas:
<blockquote type="cite">
Hi everybody.

Yes, that is the problem. I can see that some user try to log in with
no success, but IP address is localhost 172.0.0.1 And this is not
possible to use for fail2ban. I need to get correct source IP address
of the client to be possible to use it in a firewall rule.

Greetings,
ladas

Aleksander Machniak píše v Čt 10. 05. 2018 v 20:21 +0200:

<blockquote type="cite">
On 05/10/2018 08:12 PM, Mihai Badici wrote:
<blockquote type="cite">
If not, you should set $config['log_logins'] = true; in
/etc/roundcubemail/config.inc.php
</blockquote>
The question was about IMAP. What webmail does is irrelevant. ps. I
don't know if Guam implements any options to log the IP or pass the
real IP to cyrus.
</blockquote>
_______________________________________________
users mailing list
<a href="mailto:users@lists.kolab.org">users@lists.kolab.org</a>
<a href="https://lists.kolab.org/mailman/listinfo/users">https://lists.kolab.org/mailman/listinfo/users</a>
 </blockquote>
_______________________________________________
users mailing list
<a href="mailto:users@lists.kolab.org">users@lists.kolab.org</a>
<a href="https://lists.kolab.org/mailman/listinfo/users">https://lists.kolab.org/mailman/listinfo/users</a></pre></blockquote></body></html>




_______________________________________________
users mailing list
users@lists.kolab.org
https://lists.kolab.org/mailman/listinfo/users

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic