Hi Jonas,

are you sure that bug was not fixed for that version of
postfix+saslauthd which was in archive when I did upload
0.8.4+svn20110323-1 and that this is not just a new change in the
postfix log lines?  if not -- then this bug should have left RIP and you
should have filed a new one so I could actually know which version of
fail2ban you are talking about etc...

as far as I see it -- the changes you are talking about have long being
part of released fail2ban, since it was fixed upstream in

$> git describe 02e7dfb099ca0e417f6fc1d5c5d2ad88b7eb4b55
0.8.4-14-g02e7dfb

commit 02e7dfb099ca0e417f6fc1d5c5d2ad88b7eb4b55
Author: Yaroslav Halchenko <[email protected]>
Date:   Wed Mar 23 20:36:50 2011 +0000

    BF: allow space in the trailing of failregex for sasl.conf: see 
http://bugs.debian.org/573314
    
    git-svn-id: 
https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@772 
a942ae1a-1317-0410-a47c-b1dcaea8d605

diff --git a/config/filter.d/sasl.conf b/config/filter.d/sasl.conf
index 5cd8a6d..e316605 100644
--- a/config/filter.d/sasl.conf
+++ b/config/filter.d/sasl.conf
@@ -14,7 +14,7 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL 
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: 
[A-Za-z0-9+/]*={0,2})?$
+failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL 
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ 
A-Za-z0-9+/]*={0,2})?$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.


so please make sure you don't just carry outdated "config" files for fail2ban.
And if you find that it was a miss on your side -- please put this report back
to RIP with correct version where it was fixed afaik.

On Wed, 28 Aug 2013, Jonas Meurer wrote:

> Hello,

> unfortunately the failregex for SASL filter is still broken when
> used for Postfix+saslauthd.

> Following is an example failure log line:

> Aug 25 07:47:51 www postfix/smtpd[4525]: warning:
> host.example.tld[192.168.0.2]: SASL LOGIN authentication failed:
> authentication failure

> With upload of fail2ban 0.8.4+svn20110323-1, you changed the
> failregex at /etc/fail2ban/filter.d/sasl.conf to:

> failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL
> (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:
> [A-Za-z0-9+/]*={0,2})?$

> This regex doesn't match the failure log lines. The space is missing
> in the last regex part. This one works:

> failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL
> (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:
> [A-Za-z0-9+/ ]*={0,2})?$

> This has been discused here as well:
> http://www.howtoforge.com/forums/showthread.php?t=51349


> Seconds, I found a small typo in /etc/fail2ban/jail.conf line 241
> (section [sasl]): The mail warn log is '/var/log/mail.warn', not
> '/var/log/warn.log' ;)


> Kind regards,
>  jonas


-- 
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Senior Research Associate,     Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik        


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to