I have a NethServer 7.2009 installed on a VM at home used as a mail server for my home lab. In order to use it remotely I configured a virtual host on another machine through apache that redirects all traffic to mail.mydomain.com.
Now come some security concerns:
Because of the apache proxy, every failed login attempt in the /var/log/ contains logged using the internal proxy IP, instead of the real client IP. I red a lot of documentation talking about using X-Forwarded-For headers and mod_remoteip , but all this kind of stuff should be configured on the nethserver’s roundcube configuration file that is not editable due to overwrites after eventual updates, so I really don’t know where to put my hands on.
Also, if I have success in logging the correct IPs, I’d like to mount the /var/log/ folder on the apache proxyserver and configure fail2ban in order to block repeatedly wrong login attempts. Now, I cannot do it because every failed attempt is logged as my proxy IP, so obviously it cannot ban itself.
Do you have any idea? I tried to find someone with my same problem but didn’t find anything. Also, I tried to ask chatgpt hoping it was “better than me” in searching online, but without any luck.
Just for future references, I solved my second question using rsyslog between mailserver and proxy server. I configured the /etc/rsyslog.conf file (on the client, in my case the mailserver) as follow:
#### MODULES ####
#Added imfile module
#### RULES ####
#Added a set of rules for my 2 web clients webtop and roundcube
#Uncommented and updated the last line
After that, I restarted rsyslog:
systemctl restart rsyslog
I enabled rsyslog on the proxyserver too in order to listen for logs on port 514 through /etc/rsyslog.conf (on the proxy server):
#Uncomment the following to enable TCP listening on 514
#The following template specifies where the logs will be written by rsyslog
$template remotelogs, "/var/log/remote/%hostname%.log"
Remember that the owner of the folder MUST be syslog:adm to avoid permission issues, so change it accordingly.