RoundCube: Error No [604]

I recently had a client who moved RoundCube to a new server. Since the move they are receiving the below error when they go to their webmail site.

SERVICE CURRENTLY NOT AVAILABLE!
Error No. [604]

After much digging and searching, I wasn’t coming up with much. I finely started walking threw the config file seeing what was enabled and were the different config options were pointing. After some digging I found they had memcache configured for session data. The php-pecl-memcache module wasn’t installed. I installed the module via yum, as it was a Fedora system using the below command.

yum install php-pecl-memcache

Since the config was still pointing at the running memcache server, the site came back up and is now working well again.

Advertisements

Fail2Ban Setup with RoundCube

In order for Fail2Ban to be able to ban IP addresses from computers trying to break into RoundCube. RoundCube needs to write the IP address of the offending system in it’s logs. To accomplish this, run the following patch from the root of your RoundCube directory, or modify the program/lib/imap.inc file directly.

program/lib/imap.inc

Index: program/lib/imap.inc
============================================================
--- program/lib/imap.inc        (revision 2446)
+++ program/lib/imap.inc        (working copy)
@@ -428,7 +428,7 @@
<br />
if ($result == -3) fclose($conn->fp); // BYE response
<br />
-    $conn->error    .= 'Authentication for ' . $user . ' failed (AUTH): "';
+    $conn->error    .= 'Authentication for ' . $user . ' (' . getenv("REMOTE_ADDR") . ') failed (AUTH): "';
$conn->error    .= htmlspecialchars($line) . '"';
$conn->errorNum  = $result;

Once you have RoundCube patched, you may use the below config and filter in Fail2Ban to block the IP address from RoundCube’s logs.

/etc/fail2ban/jail.conf:

[roundcube]
enabled  = true
port     = http,https
filter   = roundcube
action   = iptables-multiport[name=roundcube, port="http,https"]
logpath  = /var/logs/httpd/errors

/etc/fail2ban/filter.d/roundcube.conf:

[Definition]
failregex = IMAP Error: Authentication for .* (<HOST≶) failed ((?:LOGIN|AUTH)):
ignoreregex =