You installed Courier or Dovecot and you put SquirrelMail on your box for webmail. Then you were good enough to set up fail2ban or (my favorite) CSF/LFD. But you tested a brute force attack on SquirrelMail’s login page, and you noticed that LFD doesn’t detect brute force login attempts. Why not?

A quick look at /var/log/mail.log explains it:

    Apr 2 21:12:32 - imapd: LOGIN FAILED, user=nobody, ip=

Note the “missing” IP address of 127.0.0.1 (localhost). LFD doesn’t know where the login requests are coming from because SquirrelMail makes the IMAP connection from the web server itself: once you hit the SquirrelMail login page you’re on localhost.

So there are two options here (since leaving this gaping security hole is not an option):

1. Require basic-auth on the webmail login page (ugh, more user/passes to track and another login step for users, or you have to go the cPanel route which uses basic auth only and retains their login information for access to SquirrelMail)
2. Install squirrel_logger and configure it to write the *actual* IP to /var/log/mail.log.

Making option 2 work is simple and quick, fortunately.

    tar zxvf squirrel_logger-2.3-1.2.7.tar.gz

Then go into config.php and find the block:

    'LOGIN' => "Successful webmail login: by %2 (%3) at %4 on %6: %7",
    'OUTGOING_MAIL' => "Message sent via webmail: by %2 (%3) at %4 on %6: %7",
    'RESTRICT_SENDERS' => "Failed recipient limit: by %2 (%3) at %4 on %6: %7",
    'SYSTEM:LOG_INFO:LOG_MAIL:imapd' => array(
    'LOGIN_ERROR' => "LOGIN FAILED, user=%2, ip=",

You’ve added the IDENT as “imapd” so that it shows something meaningful (and LFD thinks it is imapd reporting this, which is fine by me). The change to the login_error line is simply to make the line more closely resemble the login failure line that imapd itself reports to the log, since I’d rather edit this than LFD’s custom regex rules. Just a personal choice.

And select PLUGINS, select squirrel_logger to activate, save and quit.

Then test your webmail login a few times from a non-whitelisted IP address and watch LFD lock you out per your CSF/LFD settings.
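Added example (not from the original post and not CSF/LFD's own code): a minimal per-IP failure counter run over constructed mail.log lines, showing why webmail failures logged from localhost never trip a block while the same failures logged with the client address do. The bracketed `ip=[...]` format, the threshold of 3, the loopback ignore set and the host name `mail` are assumptions.

```python
import re
from collections import defaultdict

# Assumed line shape: imapd-style failure with a bracketed client address,
# optionally written as an IPv4-mapped IPv6 address (::ffff:a.b.c.d).
FAIL_RE = re.compile(
    r"imapd: LOGIN FAILED, user=(?P<user>\S+), "
    r"ip=\[(?:::ffff:)?(?P<ip>[0-9a-fA-F.:]+)\]"
)
IGNORED = {"127.0.0.1", "::1"}  # assumption: loopback is exempt from blocking
THRESHOLD = 3                   # hypothetical failures-per-IP trigger


def offenders(lines, threshold=THRESHOLD, ignored=IGNORED):
    """Return {ip: sorted usernames tried} for IPs at or over the threshold."""
    counts = defaultdict(int)
    users = defaultdict(set)
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue  # not a login failure line
        ip = m.group("ip")
        if ip in ignored:
            continue  # webmail-originated failures all land here before the fix
        counts[ip] += 1
        users[ip].add(m.group("user"))
    return {ip: sorted(users[ip]) for ip, n in counts.items() if n >= threshold}


# Constructed sample: the same guessing run as logged before the change
# (imapd only sees the web server) and after it (client address is logged).
BEFORE = [
    "Apr  2 21:12:32 mail imapd: LOGIN FAILED, user=nobody, ip=[127.0.0.1]",
    "Apr  2 21:12:35 mail imapd: LOGIN FAILED, user=admin, ip=[::ffff:127.0.0.1]",
    "Apr  2 21:12:39 mail imapd: LOGIN FAILED, user=root, ip=[127.0.0.1]",
]
AFTER = [
    "Apr  2 21:40:01 mail imapd: LOGIN FAILED, user=nobody, ip=[203.0.113.45]",
    "Apr  2 21:40:04 mail imapd: LOGIN FAILED, user=admin, ip=[203.0.113.45]",
    "Apr  2 21:40:09 mail imapd: LOGIN FAILED, user=root, ip=[203.0.113.45]",
    "Apr  2 21:41:00 mail imapd: LOGIN FAILED, user=bob, ip=[198.51.100.7]",
]

if __name__ == "__main__":
    print("before:", offenders(BEFORE))
    print("after: ", offenders(AFTER))
```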