Fail2Ban jail for roundcube-auth crashes F2B

OS type and version Ubuntu Linux 20.04.3
Virtualmin version 6.17-3 Pro

Prolly something I am doing/not doing, but when I enable the f2b roundcube-auth jail it causes f2b to “error” and wont restart.

After hitting the “Restart f2b” button to apply the configuration, it results in a page with nothing but “ERROR” at the top. You have to go back and uncheck “round cube-auth” to get it to start again.

roundcube-auth settings are the default:
Filter: Default
Actions: empty
Log file Paths: %(roundcube_errors_log)s
Times: (All at default)

I dont see a corresponding “match action” for round cube-auth, not sure if that is the problem or not. I Can post a log output if needed, just let me know which one…


1 Like

Any help is appreciated…


Do you have enough resources, memory in particular? Perhaps, RoundCube logs are very large?

Check the fail2ban status and/or search for out-of-memory killer messages by running dmesg | grep -i oom command, to get better understanding what is happening.

Yes I have enough memory I believe. The server has 8GB real memory. The " dmesg | grep -i oom" returns nothing fyi.

This is the error I get now (there was an update to Roundcube today):
### Failed to restart server : 2022-02-23 10:49:37,176 fail2ban [313222]: ERROR Failed during configuration: Have not found any log file for roundcube-auth jail

So it seems f2b cant find the roundcube-auth log file? I have searched high and low, the only related log file I can find is:

It adds an entry everytime I purposly fail a login attempt:

[23-Feb-2022 11:04:05 -0500]: <vhofvb93> IMAP Error: Login failed for jibberishname against localhost from AUTHENTICATE PLAIN: Authentication failed. in /home/myuser/public_html/roundcube/program/lib/Roundcube/rcube_imap.php on line 211 (POST /roundcube/?_task=login&_action=login)

I have found in the roundcube default config an option to change the log location:

// use this folder to store log files
// must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
// This is used by the 'file' log driver.
$config['log_dir'] = RCUBE_INSTALL_PATH . 'logs/';

There are also options to change the logging type, etc…

// ----------------------------------
// ----------------------------------

// log driver:  'syslog', 'stdout' or 'file'.
$config['log_driver'] = 'file';

// date format for log entries
// (read for all format characters)
$config['log_date_format'] = 'd-M-Y H:i:s O';

// length of the session ID to prepend each log line with
// set to 0 to avoid session IDs being logged.
$config['log_session_id'] = 8;

// Default extension used for log file name
$config['log_file_ext'] = '.log';

// Syslog ident string to use, if using the 'syslog' log driver.
$config['syslog_id'] = 'roundcube';

// Syslog facility to use, if using the 'syslog' log driver.
// For possible values see installer or
$config['syslog_facility'] = LOG_USER;

// Activate this option if logs should be written to per-user directories.
// Data will only be logged if a directory <log_dir>/<username>/ exists and is writable.
$config['per_user_logging'] = false;

// Log sent messages to <log_dir>/sendmail.log or to syslog
$config['smtp_log'] = true;

// Log successful/failed logins to <log_dir>/userlogins.log or to syslog
$config['log_logins'] = false;

Or maybe simply telling f2b where to find the log is needed?

Roundcube is installed into a domain home, and its logs will be in that users home. There is no way for fail2ban to figure that out, you’ll have to explicitly tell it where to find the log(s).

1 Like

Yes that did it… Thanks for the help…

For anyone who is interested:

  1. Locate your Roundcube error log. It is in the /roundcube/logs/ folder. In my case:

  2. Add this path to: filter action jails > roundcube-auth > log file paths
    Replace whats there with your path to the log from above.

  3. Enable, save and restart the f2b server.

You will now see it in the system > system logs > f2b.log :

2022-02-23 12:38:09,110 fail2ban.filter [500]: INFO [roundcube-auth] Found - 2022-02-23 12:38:09

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.