From Fail2ban
Jump to: navigation, search

Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks and notes with the standards compliant components from the Horde Project. See also the Horde Webmail on official site

Horde Webmail edition version 1.0.8 and 1.1.3

  • Dec 15 08:59:59 HORDE [error] [imp] FAILED LOGIN for emai.user@somedomain.com [] to {mx.somedomain.com:993 [imap/ssl/novalidate-cert]} [pid 68394 on line 139 of /usr/local/www/www.somedomain.com/public_html/horde/imp/lib/Auth/imp.php"]


The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.

Please, before editing this section, propose your changes in the discussion page first.

# Fail2Ban configuration file
# Author: Alexander Verbod
# $Revision: 001 $


# Option:  failregex
# Notes.:  Regexp to catch failed login to HORDE ("Horde Groupware Webmail" http://horde.org)
# Notes.: Some installations authenticate via IMAP through imp, and some through Horde handlers, so both are needed in the failregex.
# Values:  TEXT
failregex = ^(?i).*[ \t]+HORDE[ \t]+\[error\][ \t]+\[(imp|horde)\][ \t]+FAILED[ \t]+LOGIN.*[[]<HOST>[]].*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
ignoreregex =