Hello,

unfortunately the failregex for SASL filter is still broken when used for Postfix+saslauthd.

Following is an example failure log line:

Aug 25 07:47:51 www postfix/smtpd[4525]: warning: host.example.tld[192.168.0.2]: SASL LOGIN authentication failed: authentication failure

With upload of fail2ban 0.8.4+svn20110323-1, you changed the failregex at /etc/fail2ban/filter.d/sasl.conf to:

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$

This regex doesn't match the failure log lines. The space is missing in the last regex part. This one works:

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/ ]*={0,2})?$

This has been discussed here as well: http://www.howtoforge.com/forums/showthread.php?t=51349


Second, I found a small typo in /etc/fail2ban/jail.conf line 241 (section [sasl]): The mail warn log is '/var/log/mail.warn', not '/var/log/warn.log' ;)


Kind regards,
 jonas
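
Added example, not part of the original message or of fail2ban itself: a Python check that runs both failregex variants from the report against the reported log line, plus two constructed lines (a base64 trailer and no trailer) to confirm the widened character class does not lose existing matches. The HOST pattern is a simplified stand-in for fail2ban's <HOST> tag, and the helper names are hypothetical.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion inside fail2ban is more elaborate).
HOST = r"(?P<host>[\w\-.:]+)"

# Both expressions are copied verbatim from the report above.
OLD = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) "
       r"authentication failed(: [A-Za-z0-9+/]*={0,2})?$")
NEW = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) "
       r"authentication failed(: [A-Za-z0-9+/ ]*={0,2})?$")

PREFIX = ("Aug 25 07:47:51 www postfix/smtpd[4525]: warning: "
          "host.example.tld[192.168.0.2]: ")
LINES = {
    # Log line from the report (saslauthd appends a plain-text reason).
    "saslauthd": PREFIX + "SASL LOGIN authentication failed: authentication failure",
    # Constructed sample: base64 trailer, the case the old regex was written for.
    "base64": PREFIX + "SASL CRAM-MD5 authentication failed: UGFzc3dvcmQ6",
    # Constructed sample: no trailer at all.
    "bare": PREFIX + "SASL PLAIN authentication failed",
}


def matched_host(failregex, line):
    """Return the captured host if the failregex matches the line, else None."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    m = pattern.search(line)
    return m.group("host") if m else None


def compare():
    """Map each sample name to (host found by OLD, host found by NEW)."""
    return {name: (matched_host(OLD, line), matched_host(NEW, line))
            for name, line in LINES.items()}


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:10} old={old} new={new}")
```

The same comparison can be made against a real log with fail2ban-regex, which takes a log file and a filter file as arguments.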

