Package: fail2ban Version: 1.1.0-8 Severity: normal Tags: upstream Dear Maintainer,
Dovecot seems to have changed the logging format between versions 2.3.x and 2.4.x, rendering the current filter for dovecot logs included with fail2ban ineffective. The new format on my server is: Jun 17 03:43:20 auth-worker(randomuser,2001:db8::42)<2104468><wXBHULw37oQgAQcYHgMIAQAAAAAAAAAQ>: request [31]: Info: pam: pam_authenticate() failed: Authentication failure (Password mismatch?) Jun 17 03:43:22 imap-login: Info: Login aborted: Connection closed (auth failed, 1 attempts in 2 secs) (auth_failed): user=<randomuser>, method=PLAIN, rip=2001:db8::42, lip=2001:db8:10::ca1, TLS: Connection closed, session=<wXBHULw37oQgAQcYHgMIAQAAAAAAAAAQ> The upstream has recently included support for the new formatin <https://github.com/fail2ban/fail2ban/pull/4016> and according to fail2ban-regex the new version matches the latter line correctly, which is sufficient. The result is that attacks on IMAP passwords don't get mitigated by fail2ban. Best regards, LEdoian -- System Information: Debian Release: 13.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.12.21-cloud-amd64 (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages fail2ban depends on: ii python3 3.13.3-1 ii python3-systemd 235-1+b6 Versions of packages fail2ban recommends: ii nftables 1.1.2-1 ii python3-pyinotify 0.9.6-5 ii python3-setuptools 78.1.1-0.1 ii whois 5.6.1 Versions of packages fail2ban suggests: ii bsd-mailx [mailx] 8.1.2-0.20220412cvs-1 pn monit <none> ii rsyslog [system-log-daemon] 8.2504.0-1 ii sqlite3 3.46.1-6 -- no debconf information

