Detect failed logins to the webportal

pittbull

I’ve been running mailcow for a few years now, and must say I love it! 😃

The last couple of years I’ve had Crowdsec protecting it and amongst other things detecting logins to the webportal and banning accordingly. This has been working perfectly until recently when the authentication mechanism changed.

Is anybody else running this setup and also successfully detecting and banning failed logins to the webportal?

Regards
Thomas

Ganzjahresgriller

I’m using crowdsec with mailcow

pittbull

Cool. Are protecting weblogins as well, or just Dovecot/Postfix?

Ganzjahresgriller

I use it for Dovecot/Postfix too. See here: https://community.mailcow.email/d/3938-big-fat-recommendation-for-crowdsec

pittbull

Same as for me, but I was monitoring for failed logins to the webpage (which were recorded in the dovecot log earlier), but since the auth has been redone the failed login message now appears in php-fpm container, which there is no parser for in crowdsec. Just wondered if anybody had created a custom parser, if not I’ll look into it myself.