Thread: User Authentication in Log Files

  1. #1
    Junior Member
    Join Date
    Jan 2011
    Posts
    16

    User Authentication in Log Files

    Hi Zarafa Team,

    First of all, you made a very great product! I use the Community Edition for our family mail server and everything is fine. It is absolutely awesome that we could use the 3 client full MAPI support @home in the Community Edition without license fees. A big thanks for that!

    Now to my question: Is it possible to get failed user authentications from the WebAccess and the Mapi/MapiSSL in a log file? With the Gateway.log I get all the information I need for IMAP to solve script kiddie dictionary attacks and block them out. But on the WebAccess and Mapi logon I am missing that information.

    Best Regards
    John

  2. #2
    Senior Member
    Join Date
    May 2006
    Location
    Delft
    Posts
    1,935

    Re: User Authentication in Log Files

    John,

    The information is also logged in the server.log for webaccess and outlook connectivity.

    See below:

    Milo

  3. #3
    Junior Member
    Join Date
    Jan 2011
    Posts
    16

    Re: User Authentication in Log Files

    Hi Milo,

    Thanks for your answer. By default the Server.conf is set to Loglevel 2 and doesn't log that stuff. In Loglevel 3 it logs the authentication failures.
    With Mapi connections everything is fine and the IP is logged correctly, but on webaccess it is logged every time with IP 0.0.0.0 ???

    Best Regards
    John

  4. #4
    Senior Member
    Join Date
    May 2006
    Location
    Delft
    Posts
    1,935

    Re: User Authentication in Log Files

    When connecting via webaccess or a gateway, the server doesn't know the original IP address of the user, because the actual client that is connecting to the zarafa-server is the webaccess or gateway.

    Milo

  5. #5
    Junior Member
    Join Date
    Jan 2011
    Posts
    16

    Re: User Authentication in Log Files

    OK, I understand. Is it possible to log that directly from the webaccess?

    John

  6. #6
    Senior Member
    Join Date
    May 2006
    Location
    Delft
    Posts
    1,935

    Re: User Authentication in Log Files

    This option is not available at the moment, but it should be possible by extending the webaccess code.

    Milo

  7. #7
    Junior Member
    Join Date
    Jan 2011
    Posts
    16

    Re: User Authentication in Log Files

    Hi Milo,

    OK, then I will try to make a small code extension in the Webaccess sources.

    John

  8. #8
    Junior Member
    Join Date
    Jan 2011
    Posts
    16

    Re: User Authentication in Log Files

    Hi @All,

    Sorry for the late info - I am a little bit busy at the moment. Here is a small solution for everyone else who needs it...

    In /usr/share/zarafa-webaccess/index.php look for
    and change it to: (Logging direct to File)
    or change it to: (Logging over Syslog)
    Now you can parse the /path/to/logfail.log File with Fail2Ban and block out bad guys.

    Best Regards
    John

  9. #9
    Junior Member
    Join Date
    Jan 2011
    Posts
    2

    Re: User Authentication in Log Files

    Thank you a lot.

    I managed to get the faillog from zarafa, but I fail at creating a fail2ban filter that works... :roll:

    Anybody?

  10. #10
    Junior Member
    Join Date
    Apr 2011
    Posts
    1

    Re: User Authentication in Log Files

    Hi Sorsenne and all,

    It's a couple of weeks on now, so I guess you might have found the solution Sorsenne, but I've just set up fail2ban for both zarafa-webaccess and z-push, using JohnMOX's php edit as above and I thought I'd share details here in case they are useful to anyone else.

    Firstly I changed the index.php code in the webaccess folder to log to file as described above by JohnMOX, before making a similar edit to the index.php file for z-push. Only a couple of tiny changes were needed for the remote address and user variables, but before I could get it to work I also had to make a change to the date_default_timezone_set line in z-push's config.php. I'm not sure if I missed something installing z-push, but the timezone was automatically set to Europe/Amsterdam. This meant that authentication errors were logged an hour ahead of the system-time and consequently fail2ban didn't detect them when it parsed the logfile. To fix this simply update "Europe/Amsterdam" with the correct timezone (see valid list here: )

    config.php in z-push folder. Needs updating to correct timezone.
    Look in index.php in your z-push folder for:
    and change to look like below to log authentication errors to a file (or alternatively ofc you could use the syslog method as above in JohnMOX's post)
    Create the file /etc/fail2ban/filter.d/zarafa-webaccess.conf and insert the following:
    Open /etc/fail2ban/jail.conf for editing and append the following to the very bottom:
    Ofc, there are plenty of options you can change here, both in the jail.conf settings and whether you log both webaccess and z-push to the same file etc. Just hope this might be of some use to others looking to do the same.
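
Added example, not part of the original thread or of either poster's configuration: a small checker for the two problems raised in posts #9 and #10, namely a failregex that does not match and log timestamps that run ahead of the system clock. The log line format, the `zarafa-webaccess` tag in it, the function names and the sample addresses are assumptions, since the posted PHP edit and filter are not shown above; `<HOST>` is fail2ban's own placeholder for the offending address.

```python
import re
from datetime import datetime, timedelta

# Assumed log line format (the thread does not show the PHP edit's output):
#   YYYY-MM-DD HH:MM:SS zarafa-webaccess: authentication failure for user "NAME" from IP
FAILREGEX = r'zarafa-webaccess: authentication failure for user "[^"]*" from <HOST>$'
TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data; the third line is stamped an hour ahead,
# as a z-push install with the wrong date_default_timezone_set would do.
SAMPLE_NOW = datetime(2011, 4, 20, 18, 0, 0)
SAMPLE_LOG = [
    '2011-04-20 17:58:02 zarafa-webaccess: authentication failure for user "admin" from 203.0.113.7',
    '2011-04-20 17:58:09 zarafa-webaccess: authentication failure for user "root" from 203.0.113.7',
    '2011-04-20 18:59:30 zarafa-webaccess: authentication failure for user "john" from 198.51.100.23',
    '2011-04-20 17:59:00 zarafa-webaccess: login ok for user "john" from 192.0.2.10',
]

def compile_failregex(failregex):
    """Expand the <HOST> tag into a named IPv4 capture group."""
    host = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
    return re.compile(failregex.replace("<HOST>", host))

def check_log(lines, failregex, now, tolerance=timedelta(minutes=1)):
    """Return (failure count per host, [(host, how far ahead of `now`)])."""
    pattern = compile_failregex(failregex)
    hits, ahead = {}, []
    for line in lines:
        try:
            stamp = datetime.strptime(line[:19], TS_FORMAT)
        except ValueError:
            continue  # skip lines without a parseable leading timestamp
        match = pattern.search(line[19:])
        if not match:
            continue  # not an authentication failure
        host = match.group("host")
        hits[host] = hits.get(host, 0) + 1
        # A timestamp later than the system clock can only be a clock or
        # timezone mismatch between the PHP application and the host.
        if stamp - now > tolerance:
            ahead.append((host, stamp - now))
    return hits, ahead

if __name__ == "__main__":
    hits, ahead = check_log(SAMPLE_LOG, FAILREGEX, SAMPLE_NOW)
    print("failures per host:", hits)
    for host, delta in ahead:
        print("timestamp ahead of system time by", delta, "for", host)
```

Against a real log, pass `datetime.now()` as `now`; any entry reported as ahead points to the timezone setting described in post #10.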
