Package: fail2ban
Version: 0.8.13-1

(Same as bug #507990 which results fixed, but seems it's not :) )


When using postfix with dovecot as the SASL authenticator, fail2ban fails to detect auth errors as this one:

----BEGINS----
Jan 25 22:25:05 xxxx postfix/submission/smtpd[17942]: warning: unknown[198.50.137.148]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jan 25 22:25:23 xxxx postfix/submission/smtpd[17942]: warning: unknown[198.50.137.148]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jan 25 22:25:43 xxxx postfix/submission/smtpd[17942]: warning: unknown[198.50.137.148]: SASL LOGIN authentication failed: Connection lost to authentication server
----END-----

the current regex does not match :

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$

this one ( as suggested by Udo Rader <[email protected]> in relation to bug#507990) does:

: warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w+



Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u1 (2015-12-14) x86_64 GNU/Linux

Libc6: Version: 2.19-18+deb8u1

--
*David Galligani *



Reply via email to