Fail2ban Horde Webmail

This post shows how to set up Horde to log failed logins and use fail2ban to detect them. A useful tool for checking whether a fail2ban filter works as expected is fail2ban-regex; more details here: Fail2ban-regex help.

Log in to Horde webmail using an admin account. Navigate to the configuration page -> horde -> logging tab. You should see something similar to this.

Horde Logging Configuration Page

Create the directory and file specified in the configuration page.

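mkdir /var/log/horde
# Create the log file before changing ownership so chown -R also covers it
touch /var/log/horde/horde.log
chown -R root:www-data /var/log/horde/
chmod 770 /var/log/horde/
# The web server group (www-data) needs write access to the log file itself
chmod 660 /var/log/horde/horde.log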

Check the permissions are correct.

ls -l /var/log/horde/

Run the following command to 'follow the file', then log in to Horde. You should see messages about a successful or failed login.

tail -f /var/log/horde/horde.log

Create the following file. This is the filter file, which fail2ban uses to match suspicious activity in the log files.

nano /etc/fail2ban/filter.d/horde.conf

Add the following to it:

[Definition]
failregex = FAILED LOGIN for *.*\[<HOST>\].*$
ignoreregex =

Create or modify the jail.local file under /etc/fail2ban/ and add the following 'jail'. Jails use the filters to match suspicious activity in the specified log files, then perform the actions specified in the jail, or the default actions if none are specified.

[horde]

enabled  = true
port     = http,https
filter   = horde
logpath  = /var/log/horde/horde.log

Test

Tail the Horde log file as shown earlier and try logging in to Horde webmail with incorrect credentials. Repeat this several times and you should see each attempt recorded in the log. Depending on the number of allowed attempts specified in jail.conf, fail2ban should ban your IP once you exceed that number.
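To see what the filter and jail above would do before relying on a live ban, here is an offline dry run of the same failregex. It is an added example, not part of the original post and not fail2ban's own code: the log lines are constructed, <HOST> is replaced by a simplified IPv4-only pattern, and maxretry=3 / findtime=600 are assumed sample values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex from the filter above; <HOST> is swapped for a simplified IPv4-only
# group (assumption: fail2ban's real <HOST> also covers IPv6 and DNS names).
FAILREGEX = r"FAILED LOGIN for *.*\[<HOST>\].*$"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

# Constructed sample lines; timestamp format and wording are assumed, not copied from Horde.
SAMPLE_LOG = """\
2024-01-10 09:00:01 HORDE: FAILED LOGIN for alice [203.0.113.7] to Horde
2024-01-10 09:00:05 HORDE: Login success for bob [198.51.100.4] to Horde
2024-01-10 09:00:09 HORDE: FAILED LOGIN for admin [203.0.113.7] to Horde
2024-01-10 09:00:14 HORDE: FAILED LOGIN for root [203.0.113.7] to Horde
2024-01-10 09:30:00 HORDE: FAILED LOGIN for carol [198.51.100.9] to Horde
2024-01-10 10:15:00 HORDE: FAILED LOGIN for carol [198.51.100.9] to Horde
2024-01-10 11:00:00 HORDE: FAILED LOGIN for carol [198.51.100.9] to Horde
"""

def failures(log_text):
    """Return (timestamp, host) for every line the filter matches."""
    hits = []
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m:
            ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
            hits.append((ts, m.group("host")))
    return hits

def would_ban(hits, maxretry=3, findtime=600):
    """Hosts with at least maxretry matches inside a sliding findtime-second window."""
    recent = defaultdict(deque)
    banned = []
    for ts, host in hits:
        window = recent[host]
        window.append(ts)
        # Drop failures that have aged out of the findtime window
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    hits = failures(SAMPLE_LOG)
    print(f"{len(hits)} matching lines")
    print("would ban:", would_ban(hits))
```

The slow attempts from 198.51.100.9 match the filter but never reach the threshold inside one window, which is why the test above has to be repeated quickly to trigger a ban.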

This post is licensed under CC BY 4.0 by the author.
