https://bugs.contribs.org/show_bug.cgi?id=8955
John Crisp <[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CLOSED |UNCONFIRMED
Version|8.1 |9.2
Resolution|NOTABUG |---
Ever confirmed|1 |0
--- Comment #3 from John Crisp <[email protected]> ---
Going to reopen and move to v9 following the issues with sqpsmtpd and this
thread:
https://forums.contribs.org/index.php/topic,53769.0.html
I found that the original line in the qpsmtpd.conf file did not work and I
wrote my own modified version.
Here's a test:
==============================================================
Existing line:
[root@esmith qpsmtpd]# fail2ban-regex /var/log/qpsmtpd/current
"^\s*\d+\s*logging::logterse plugin \(deny\): \` <HOST>\s*.*90\d.*msg denied
before queued$"
Running tests
=============
Use failregex line : ^\s*\d+\s*logging::logterse plugin \(deny\): ` <HO...
Use log file : /var/log/qpsmtpd/current
Use encoding : UTF-8
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [24682] TAI64N
`-
Lines: 24682 lines, 0 ignored, 0 matched, 24682 missed
[processed in 1.36 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 24682
lines
Zero hits....
==============================================================
Modified version
[root@esmith qpsmtpd]# fail2ban-regex /var/log/qpsmtpd/current
"^\s*\d+\s*\(deny\) logging::logterse: \` <HOST>\s*.*90\d.*msg denied before
queued$"
Running tests
=============
Use failregex line : ^\s*\d+\s*\(deny\) logging::logterse: ` <HOST>\s*....
Use log file : /var/log/qpsmtpd/current
Use encoding : UTF-8
Results
=======
Failregex: 173 total
|- #) [# of hits] regular expression
| 1) [173] ^\s*\d+\s*\(deny\) logging::logterse: ` <HOST>\s*.*90\d.*msg
denied before queued$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [24682] TAI64N
`-
Lines: 24682 lines, 0 ignored, 173 matched, 24509 missed
[processed in 1.40 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 24509
lines
==============================================================
173 matched on the same file.
Here's the log format we should be looking for, one from qpsmtpd logs and one
from sqpsmtpd logs:
(deny) logging::logterse: ` 71.6.199.23 ubuntu1619923.aspadmin.com
openssl.client.net tls 901 TLS Negotiation Failed
msg denied before queued
(deny) logging::logterse: ` 191.53.200.26
191-53-200-26.dvl-wr.mastercabo.com.br tls 903
Cannot establish SSL session msg denied before queued
I can't do anymore right now as I am just leaving for the weekend.
I'll look further next week.
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
