roundcube webmail Brute Forcing Attack 防禦

https://mattrude.com/projects/roundcube-fail2ban-plugin/

1. 下載 roundcube-fail2ban-plugin，解壓縮放在roundcube的plugin目錄裏，

    並把目錄名稱改成fail2ban。

2. 在roundcube的設定檔config.inc.php裏掛載fail2ban plugin

$rcmail_config['plugins'] = array('fail2ban');

3. 在 /etc/fail2ban/jail.conf 加上

[roundcube]

enabled  = true

port     = http,https

filter   = roundcube

action   = iptables-multiport[name=roundcube, port="http,https"]

logpath  = /var/log/roundcubemail/userlogins

4. 新增 /etc/fail2ban/filter.d/roundcube.conf 

[Definition]

failregex = FAILED login for .*. from <HOST>

ignoreregex =

也可以不使用這個plugin去產生userlogins這個LOG檔,
直接修改fail2ban的設定去抓roundcube的log檔，

另外也要修改filter截取字串的內容。

mailbox to maildir

 1. 安裝 mb2md 套件

     #dnf install mb2md

2. 建立 maildir 目錄並修改權限

    #mkdir /var/spool/maildir
    #chown root.mail /var/spool/maildir
    #chmod 775 /var/spool/maildir

3. 修改 postfix 設定 vi /etc/postfix/main.cf

    home_mailbox = Maildir/
   mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=/var/spool/maildir/$USER/ MAILDIR=/var/spool/maildir/$USER

4. 修改 dovecot 設定 vi /etc/dovecot.conf

    mail_location = maildir:/var/spool/maildir/%u

5. 停止 mail service

    #systemctl stop postfix
    #systemctl stop dovecot

6. 寫一個 script 執行

#!/bin/sh

set -x

MAILBOX_DIR="/var/spool/mail"

MAILDIR_DIR="/var/spool/maildir"

[ -d $MAILDIR_DIR ] || mkdir -p $MAILDIR_DIR

cd $MAILBOX_DIR

for user in *; do

        mb2md -s $MAILBOX_DIR/$user -d $MAILDIR_DIR/$user

        chown -R $user.mail $MAILDIR_DIR/$user/
done

7. 啟動郵件服務

    #systemctl start postfix
    #systemctl start dovecot