Hello,
unfortunately the failregex for the SASL filter is still broken when used
for Postfix+saslauthd.
Following is an example failure log line:
    Aug 25 07:47:51 www postfix/smtpd[4525]: warning: host.example.tld[192.168.0.2]: SASL LOGIN authentication failed: authentication failure
With upload of fail2ban 0.8.4+svn20110323-1, you changed the failregex
at /etc/fail2ban/filter.d/sasl.conf to:
    failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
This regex doesn't match the failure log lines. The space is missing in
the last regex part. This one works:
    failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/ ]*={0,2})?$
This has been discussed here as well:
http://www.howtoforge.com/forums/showthread.php?t=51349
Second, I found a small typo in /etc/fail2ban/jail.conf line 241
(section [sasl]): The mail warn log is '/var/log/mail.warn', not
'/var/log/warn.log' ;)
Kind regards,
jonas
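
The two failregex variants from the report, run against the reported log line. This is an added example, not part of the original message or of fail2ban. HOST_RE is an assumed, simplified stand-in for fail2ban's <HOST> substitution, and every sample line except the reported one is constructed.

```python
import re

# Assumption: simplified stand-in for what fail2ban substitutes for <HOST>.
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

PREFIX = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
          r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed")
# Regex shipped in filter.d/sasl.conf according to the report.
SHIPPED = PREFIX + r"(: [A-Za-z0-9+/]*={0,2})?$"
# Regex proposed in the report: a space added to the character class.
PROPOSED = PREFIX + r"(: [A-Za-z0-9+/ ]*={0,2})?$"

HEAD = "Aug 25 07:47:51 www postfix/smtpd[4525]: "
PEER = "host.example.tld[192.168.0.2]"
SAMPLES = {
    # The line from the report (saslauthd gives a reason with a space in it).
    "saslauthd": HEAD + "warning: " + PEER
                 + ": SASL LOGIN authentication failed: authentication failure",
    # Constructed: failure followed by a base64 token, no spaces.
    "base64": HEAD + "warning: " + PEER
              + ": SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    # Constructed: failure with no trailing reason at all.
    "bare": HEAD + "warning: " + PEER
            + ": SASL PLAIN authentication failed",
    # Constructed: unrelated line that must never produce a ban.
    "connect": HEAD + "connect from " + PEER,
}


def banned_host(failregex, line):
    """Return the address the filter would ban for this line, or None."""
    match = re.search(failregex.replace("<HOST>", HOST_RE), line)
    return match.group("host") if match else None


def coverage(failregex):
    """Map each sample name to the host extracted from it (None = missed)."""
    return {name: banned_host(failregex, line)
            for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for label, rx in (("shipped", SHIPPED), ("proposed", PROPOSED)):
        print(label, coverage(rx))
```

On a live system, `fail2ban-regex /var/log/mail.warn /etc/fail2ban/filter.d/sasl.conf` performs the same check against the real log and filter.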