Package: fail2ban
Version: 1.1.0-8
Severity: normal
Tags: upstream

Dear Maintainer,

Dovecot seems to have changed the logging format between versions 2.3.x
and 2.4.x, rendering the current filter for dovecot logs included with
fail2ban ineffective. The new format on my server is:

Jun 17 03:43:20 
auth-worker(randomuser,2001:db8::42)<2104468><wXBHULw37oQgAQcYHgMIAQAAAAAAAAAQ>:
 request [31]: Info: pam: pam_authenticate() failed: Authentication failure 
(Password mismatch?)
Jun 17 03:43:22 imap-login: Info: Login aborted: Connection closed (auth 
failed, 1 attempts in 2 secs) (auth_failed): user=<randomuser>, method=PLAIN, 
rip=2001:db8::42, lip=2001:db8:10::ca1, TLS: Connection closed, 
session=<wXBHULw37oQgAQcYHgMIAQAAAAAAAAAQ>

The upstream has recently included support for the new formatin
<https://github.com/fail2ban/fail2ban/pull/4016> and according to
fail2ban-regex the new version matches the latter line correctly, which
is sufficient.

The result is that attacks on IMAP passwords don't get mitigated by fail2ban.

Best regards,
LEdoian

-- System Information:
Debian Release: 13.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.21-cloud-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to C.UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fail2ban depends on:
ii  python3          3.13.3-1
ii  python3-systemd  235-1+b6

Versions of packages fail2ban recommends:
ii  nftables            1.1.2-1
ii  python3-pyinotify   0.9.6-5
ii  python3-setuptools  78.1.1-0.1
ii  whois               5.6.1

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]            8.1.2-0.20220412cvs-1
pn  monit                        <none>
ii  rsyslog [system-log-daemon]  8.2504.0-1
ii  sqlite3                      3.46.1-6

-- no debconf information

Reply via email to