Hello

Could you please resend the patch as an attachment?

The content is broken as the lines aren't correctly formatted.

Thanks

Sylvestre


On 20/09/2021 at 00:16, Diane Trout wrote:
> Package: fail2ban
> Version: fail2ban
> Severity: normal
> Tags: patch
>
> Dear Maintainer,
>
> After activating the exim jail in fail2ban I noticed many failed login attempts
> continuing to clutter up my logs.
>
> Eventually I figured out the current failregex includes a pattern for the %(pid)s
> that my current exim logs don't include.
>
> It seems like the default configuration of fail2ban should work with the default
> configuration of Debian's log files.
>
> I found similar reports of fail2ban not working with exim like:
> https://systemadminspro.com/fail2ban-and-exim-on-ubuntu/
>
> -- System Information:
> Debian Release: bullseye
>   APT prefers bullseye/main
>   APT policy: (500, 'bullseye/main'), (500, 'bullseye/non-free'), (500,
> 'bulleye-security/main'), (500, 'bullseye-updates/main'), (100, 'bullseye-
> backports/main')
> Architecture: i386
>
> Kernel: Linux 4.19.0-17-686-pae
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_US:en
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
>
> *** /run/user/1000/exim.conf.debian.patch
> --- exim.conf.dpkg-dist 2020-11-23 12:43:03.000000000 -0800
> +++ exim.conf   2021-09-04 13:54:00.199013124 -0700
> @@ -17,12 +17,13 @@
>  #prefregex = ^%(pid)s <F-CONTENT>\b(?:\w+ authenticator failed|([\w\-]+ 
> )?SMTP
> (?:(?:call|connection) from|protocol(?: synchronization)? error)|no MAIL
> in|(?:%(host_info_pre)s\[[^\]]+\]%(host_info_suf)s(?:sender verify
> fail|rejected RCPT|dropped|AUTH command))).+</F-CONTENT>$
>
> -failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown
> user|Unrouteable address|all relevant MX records point to non-existent
> hosts)\s*$
> -            ^%(pid)s \w+ authenticator failed for (?:[^\[\( ]* )?(?:\(\S*\)
> )?\[<HOST>\](?::\d+)?(?: I=\[\S+\](:\d+)?)?: 535 Incorrect authentication 
> data(
> \(set_id=.*\)|: \d+ Time\(s\))?\s*$
> -            ^%(pid)s %(host_info)srejected RCPT [^@]+@\S+: (?:relay not
> permitted|Sender verify failed|Unknown user|Unrouteable address)\s*$
> -            ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected
> (?:connection from|"\S+") %(host_info)s(?:next )?input=".*"\s*$
> -            ^%(pid)s SMTP call from (?:[^\[\( ]* )?%(host_info)sdropped: too
> many (?:nonmail commands|syntax or protocol errors) \(last (?:command )?was
> "[^"]*"\)\s*$
> -            ^%(pid)s SMTP protocol error in "[^"]+(?:"+[^"]*(?="))*?"
> %(host_info)sAUTH command used when not advertised\s*$
> -            ^%(pid)s no MAIL in SMTP connection from (?:[^\[\( ]* 
> )?(?:\(\S*\)
> )?%(host_info)sD=\d\S*s(?: C=\S*)?\s*$
> -            ^%(pid)s (?:[\w\-]+ )?SMTP connection from (?:[^\[\( ]*
> )?(?:\(\S*\) )?%(host_info)sclosed by DROP in ACL\s*$
> +failregex = ^\s*%(host_info)ssender verify fail for <\S+>: (?:Unknown
> user|Unrouteable address|all relevant MX records point to non-existent
> hosts)\s*$
> +            ^\s*\w+ authenticator failed for (?:[^\[\( ]* )?(?:\(\S*\)
> )?\[<HOST>\](?::\d+)?(?: I=\[\S+\](:\d+)?)?: 535 Incorrect authentication 
> data(
> \(set_id=.*\)|: \d+ Time\(s\))?\s*$
> +            ^\s*%(host_info)srejected RCPT [^@]+@\S+: (?:relay not
> permitted|Sender verify failed|Unknown user|Unrouteable address)\s*$
> +            ^\s*SMTP protocol synchronization error \([^)]*\): rejected
> (?:connection from|"\S+") %(host_info)s(?:next )?input=".*"\s*$
> +            ^\s*SMTP call from \S+ %(host_info)sdropped: too many nonmail
> commands \(last was "\S+"\)\s*$
> +            ^\s*SMTP protocol error in "[^"]+(?:"+[^"]*(?="))*?"
> %(host_info)sLOGIN authentication mechanism not supported\s*$
> +            ^\s*SMTP protocol error in "[^"]+(?:"+[^"]*(?="))*?"
> %(host_info)sAUTH command used when not advertised\s*$
> +            ^\s*no MAIL in SMTP connection from (?:[^\[\( ]* )?(?:\(\S*\)
> )?%(host_info)sD=\d\S*s(?: C=\S*)?\s*$
> +            ^\s*(?:[\w\-]+ )?SMTP connection from (?:[^\[\( ]* )?(?:\(\S*\)
> )?%(host_info)sclosed by DROP in ACL\s*$
>              <mdre-<mode>>
>
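
Review bot: the rewritten "SMTP call from" / "dropped: too many" pattern (the fifth `+` line) is narrower than the line it replaces, which goes beyond removing the pid prefix. It drops the `syntax or protocol errors` alternative and the optional `command ` in `\(last (?:command )?was`, makes the leading host name mandatory (`\S+ ` instead of `(?:[^\[\( ]* )?`), and `"\S+"` no longer matches a quoted last command that is empty or contains a space, where `"[^"]*"` did. Keep the original body of that pattern and change only its prefix, otherwise those drop events stop being counted. Separately, replacing `^%(pid)s ` with `^\s*` on every line means log lines that do carry the pid no longer match; an optional prefix such as `^(?:%(pid)s )?` would cover both log formats. The added `LOGIN authentication mechanism not supported` pattern is not mentioned in the report and should get a line in the description.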
