roundcube-rcguard
Request: Captcha error message without knowing who did it
In the last weeks I have had a lot of messages of this type:
Aug 3 04:01:49 webmail1 roundcube: <12qo0676> PHP Error: Request security check failed (POST /?_task=mail&_action=refresh)
Aug 3 04:02:49 webmail1 roundcube: <12qo0676> PHP Error: Request security check failed (POST /?_task=mail&_action=refresh)
Aug 3 04:03:49 webmail1 roundcube: <12qo0676> PHP Error: Request security check failed (POST /?_task=mail&_action=refresh)
Aug 3 04:04:49 webmail1 roundcube: <12qo0676> PHP Error: Request security check failed (POST /?_task=mail&_action=refresh)
Aug 3 04:05:49 webmail1 roundcube: <12qo0676> PHP Error: Request security check failed (POST /?_task=mail&_action=refresh)
Aug 3 04:06:49 webmail1 roundcube: <12qo0676> PHP Error: Request security check failed (POST /?_task=mail&_action=refresh)
I receive an email each hour containing these lines, but I have no way to know who is doing it. Is it possible to add the IP and/or the user that tried to log in?
I suspect these are attempts to force something (each minute exactly), but I can't tell from the logs who is doing this. If you add the IP/host to the message and/or the user that was used, I can teach fail2ban how to ban that IP/user; otherwise I will not be able to do so.
Thanks in advance
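Until the error line itself carries a client address, one way to recover it is to join these errors against the web server's access log on date, time, method and path. The following is an added example, not part of the original post or of rcguard; it assumes a combined-format access log written on the same host clock, treats the bracketed token as a per-session tag, and uses constructed access-log lines with documentation-range IPs and a made-up year.

```python
import re
from collections import Counter, defaultdict

# The six error lines quoted in the post.
ROUNDCUBE_LOG = [
    f"Aug 3 04:0{m}:49 webmail1 roundcube: <12qo0676> PHP Error: "
    "Request security check failed (POST /?_task=mail&_action=refresh)"
    for m in range(1, 7)
]
# Constructed access-log lines (combined format, documentation-range IPs,
# made-up year); the last one is an unrelated client 39 s off the pattern.
REQ = '"POST /?_task=mail&_action=refresh HTTP/1.1" 200 512'
ACCESS_LOG = [f"203.0.113.7 - - [03/Aug/2024:04:0{m}:49 +0000] {REQ}"
              for m in range(1, 7)]
ACCESS_LOG.append(f"198.51.100.9 - - [03/Aug/2024:04:03:10 +0000] {REQ}")

RC_RE = re.compile(r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d:\d\d) \S+ roundcube: <(\w+)> "
                   r"PHP Error: Request security check failed \((\w+) (\S+)\)")
AL_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d+)/(\w{3})/\d{4}:(\d\d:\d\d:\d\d) '
                   r'[^\]]+\] "(\w+) (\S+) ')

def _secs(hms):
    h, m, s = map(int, hms.split(":"))
    return h * 3600 + m * 60 + s

def parse_failures(lines):
    """Yield (token, month, day, seconds, method, path) per failed check."""
    for m in filter(None, map(RC_RE.match, lines)):
        mon, day, hms, token, method, path = m.groups()
        yield token, mon, int(day), _secs(hms), method, path

def parse_access(lines):
    """Yield (ip, month, day, seconds, method, path) per access-log entry."""
    for m in filter(None, map(AL_RE.match, lines)):
        ip, day, mon, hms, method, path = m.groups()
        yield ip, mon, int(day), _secs(hms), method, path

def attribute(rc_lines, access_lines, skew=2):
    """Map each bracketed token to {client IP: count} for requests that
    match a failed check on date, method, path and time (+/- skew s)."""
    access = list(parse_access(access_lines))
    hits = defaultdict(Counter)
    for token, mon, day, t, method, path in parse_failures(rc_lines):
        for ip, amon, aday, at, amethod, apath in access:
            same = (amon, aday, amethod, apath) == (mon, day, method, path)
            if same and abs(at - t) <= skew:
                hits[token][ip] += 1
    return {tok: dict(c) for tok, c in hits.items()}

if __name__ == "__main__":
    print(attribute(ROUNDCUBE_LOG, ACCESS_LOG))
```

An address that accounts for every failure of one token is the candidate to review before handing it to fail2ban; several addresses matching the same second means the join is ambiguous and needs a tighter key.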