Fix incorrect pid/log file in sogo.conf.

Sync docs/.
2015-02-15 17:29:35 +08:00 · 2015-02-15 17:29:35 +08:00 · 878de760ba
parent caf5d87f5e
commit 878de760ba
6 changed files with 57 additions and 4 deletions
--- a/html/sogo-centos-6-mysql.html
+++ b/html/sogo-centos-6-mysql.html
@ -112,7 +112,10 @@ for you, just replace MySQL username/password in this file, then it's done.</p>
    WOPort = 127.0.0.1:20000;

    // PID file
-    //WOPidFile = /var/log/sogo/sogo.log;
+    //WOPidFile = /var/run/sogo/sogo.log;
+
+    // Log file
+    //WOLogFile = /var/log/sogo/sogo.log;

    // IMAP connection pool.
    // Your performance will slightly increase, as you won't open a new
--- a/html/sogo-centos-6-openldap.html
+++ b/html/sogo-centos-6-openldap.html
@ -109,7 +109,10 @@ basedn, bind dn/passwordthen in this file, then it's done.</p>
    WOPort = 127.0.0.1:20000;

    // PID file
-    //WOPidFile = /var/log/sogo/sogo.log;
+    //WOPidFile = /var/run/sogo/sogo.log;
+
+    // Log file
+    //WOLogFile = /var/log/sogo/sogo.log;

    // IMAP connection pool.
    // Your performance will slightly increase, as you won't open a new
--- a/html/upgrade.iredmail.0.9.0-0.9.1.html
+++ b/html/upgrade.iredmail.0.9.0-0.9.1.html
@ -16,6 +16,7 @@
 <li><a href="#upgrade-iredmail-from-090-to-091">Upgrade iRedMail from 0.9.0 to 0.9.1</a><ul>
 <li><a href="#changelog">ChangeLog</a></li>
 <li><a href="#general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</a><ul>
+<li><a href="#optional-setup-fail2ban-to-monitor-password-failures-in-sogo-log-file">[OPTIONAL] Setup Fail2ban to monitor password failures in SOGo log file</a></li>
 <li><a href="#optional-add-one-more-fail2ban-filter-to-help-catch-spam">[OPTIONAL] Add one more Fail2ban filter to help catch spam</a></li>
 <li><a href="#optional-fixed-return-receipt-response-rejected-by-iredapd-plugin-reject_null_sender">[OPTIONAL] Fixed: return receipt response rejected by iRedAPD plugin reject_null_sender</a></li>
 <li><a href="#fixed-cannot-run-php-script-under-web-document-root-with-nginx">Fixed: Cannot run PHP script under web document root with Nginx.</a></li>
@ -43,6 +44,7 @@
 <p><strong>WARNING: Still working in progress, do <em>NOT</em> apply it.</strong></p>
 <h2 id="changelog">ChangeLog</h2>
 <ul>
+<li>2015-02-11: [All backends] [<strong>OPTIONAL</strong>] Setup Fail2ban to monitor password failures in SOGo log file.</li>
 <li>2015-02-11: [All backends] Fixed: Cannot run PHP script under web document root with Nginx.</li>
 <li>2015-02-09: [All backends] [<strong>OPTIONAL</strong>] Add one more Fail2ban filter to help catch spam.</li>
 <li>2015-02-04: [All backends] [<strong>OPTIONAL</strong>] Fixed: return receipt response rejected
@ -54,6 +56,21 @@
              SQL query file while acting as SASL server.</li>
 </ul>
 <h2 id="general-all-backends-should-apply-these-steps">General (All backends should apply these steps)</h2>
+<h3 id="optional-setup-fail2ban-to-monitor-password-failures-in-sogo-log-file">[<strong>OPTIONAL</strong>] Setup Fail2ban to monitor password failures in SOGo log file</h3>
+<p>To improve server security, we'd better block clients which have too many
+failed login attempts from SOGo.</p>
+<p>Please append below lines in Fail2ban main config file <code>/etc/fail2ban/jail.local</code>:</p>
+<pre><code>[SOGo]
+enabled     = true
+filter      = sogo-auth
+port        = http, https
+# without proxy this would be:
+# port    = 20000
+action      = iptables-multiport[name=SOGo, port=&quot;http,https&quot;, protocol=tcp]
+logpath     = /var/log/sogo/sogo.log
+</code></pre>
+
+<p>Restarting Fail2ban service is required.</p>
 <h3 id="optional-add-one-more-fail2ban-filter-to-help-catch-spam">[OPTIONAL] Add one more Fail2ban filter to help catch spam</h3>
 <p>We have a new Fail2ban filter to help catch spam, it will scan HELO rejections
 in Postfix log file and invoke iptables to ban client IP address.</p>
@ -74,6 +91,7 @@ failregex = \[&lt;HOST&gt;\]: SASL (PLAIN|LOGIN) authentication failed
 ignoreregex =
 </code></pre>

+<p>Restarting Fail2ban service is required.</p>
 <h3 id="optional-fixed-return-receipt-response-rejected-by-iredapd-plugin-reject_null_sender">[OPTIONAL] Fixed: return receipt response rejected by iRedAPD plugin <code>reject_null_sender</code></h3>
 <p>Note: this is applicable if you want to keep iRedAPD plugin <code>reject_null_sender</code>
 but still able to send return receipt with Roundcube webmail.</p>
--- a/integrations/0-sogo-centos-6-mysql.md
+++ b/integrations/0-sogo-centos-6-mysql.md
@ -93,7 +93,10 @@ With below config file, SOGo will listen on address `127.0.0.1`, port `20000`.
    WOPort = 127.0.0.1:20000;

    // PID file
-    //WOPidFile = /var/log/sogo/sogo.log;
+    //WOPidFile = /var/run/sogo/sogo.log;
+
+    // Log file
+    //WOLogFile = /var/log/sogo/sogo.log;

    // IMAP connection pool.
    // Your performance will slightly increase, as you won't open a new
--- a/integrations/0-sogo-centos-6-openldap.md
+++ b/integrations/0-sogo-centos-6-openldap.md
@ -90,7 +90,10 @@ With below config file, SOGo will listen on address `127.0.0.1`, port `20000`.
    WOPort = 127.0.0.1:20000;

    // PID file
-    //WOPidFile = /var/log/sogo/sogo.log;
+    //WOPidFile = /var/run/sogo/sogo.log;
+
+    // Log file
+    //WOLogFile = /var/log/sogo/sogo.log;

    // IMAP connection pool.
    // Your performance will slightly increase, as you won't open a new
--- a/upgrade/0-upgrade.iredmail.0.9.0-0.9.1.md
+++ b/upgrade/0-upgrade.iredmail.0.9.0-0.9.1.md
@ -7,6 +7,7 @@ __WARNING: Still working in progress, do _NOT_ apply it.__

 ## ChangeLog

+* 2015-02-11: [All backends] [__OPTIONAL__] Setup Fail2ban to monitor password failures in SOGo log file.
 * 2015-02-11: [All backends] Fixed: Cannot run PHP script under web document root with Nginx.
 * 2015-02-09: [All backends] [__OPTIONAL__] Add one more Fail2ban filter to help catch spam.
 * 2015-02-04: [All backends] [__OPTIONAL__] Fixed: return receipt response rejected
@ -19,6 +20,26 @@ __WARNING: Still working in progress, do _NOT_ apply it.__

 ## General (All backends should apply these steps)

+### [__OPTIONAL__] Setup Fail2ban to monitor password failures in SOGo log file
+
+To improve server security, we'd better block clients which have too many
+failed login attempts from SOGo.
+
+Please append below lines in Fail2ban main config file `/etc/fail2ban/jail.local`:
+
+```
+[SOGo]
+enabled     = true
+filter      = sogo-auth
+port        = http, https
+# without proxy this would be:
+# port    = 20000
+action      = iptables-multiport[name=SOGo, port="http,https", protocol=tcp]
+logpath     = /var/log/sogo/sogo.log
+```
+
+Restarting Fail2ban service is required.
+
 ### [OPTIONAL] Add one more Fail2ban filter to help catch spam

 We have a new Fail2ban filter to help catch spam, it will scan HELO rejections
@ -45,6 +66,8 @@ failregex = \[<HOST>\]: SASL (PLAIN|LOGIN) authentication failed
 ignoreregex =
 ```

+Restarting Fail2ban service is required.
+
 ### [OPTIONAL] Fixed: return receipt response rejected by iRedAPD plugin `reject_null_sender`

 Note: this is applicable if you want to keep iRedAPD plugin `reject_null_sender`