Hi!
i think found new problem with fail2ban and roundecube!
my Lan scheme
[internet] — [NS7(gateway,proxy, ReverseProxy etc)] ---- [LAN]— PC1, PCn …----[NS7(emai,webmail, roundcube, fail2ban)]
my email+webmail+fail2ban server inside in LAN and for LAN users fail2ban work ok
i config reverseproxy for access external users to my server roundcube.
and fal2ban not block IP address external users and not show status ‘Banned IP’
i see
/var/log/roundcubemail/errors.log
and see next entries, for example
[26-Sep-2018 20:08:15 +0500]: IMAP Error: Login failed for ib from 192.168.XXX.XXX(X-Forwarded-For: XXX.XXX.XXX.XXX). AUTHENTICATE PLAIN: Password: in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 197 (POST /webmail/?_task=login?_task=login&_action=login)
i see ip address 192.168.XXX.XXX - its IP my NS7(gateway,proxy, ReverseProxy etc) internal LAN
and see X-Forwarded-For: XXX.XXX.XXX.XXX its real users external IP
i think fail2ban not matched if see X-Forwarded-For: XXX.XXX.XXX.XXX
if entries look like
[26-Sep-2018 18:52:26 +0500]: IMAP Error: Login failed for ib from 192.168.XXX.XXX. AUTHENTICATE PLAIN: Password: in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 197 (POST /webmail/?_task=login?_task=login&_action=login)
without string X-Forwarded-For
it work and fail2ban work ok
Sorry my English…