I now have a working filter for spotting checkpass violations on CentOS 6.
The error message does have two case variations.
Here's my sendmail-sasl.conf. Note there are two regex lines for failregex.
# Fail2Ban filter for sendmail authentication failures
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = sendmail
failregex = ^%(__prefix_line)s\w{12,14}: AUTH failure \(LOGIN\): authentication failure \(-13\) SASL\(-13\): authentication failure: checkpass failed, relay=(\S+ )?\[<HOST>\]( \(may be forged\))?$
            ^%(__prefix_line)s\w{12,14}: AUTH failure \(Login\): authentication failure \(-13\) SASL\(-13\): authentication failure: checkpass failed, relay=(\S+ )?\[<HOST>\]( \(may be forged\))?$
ignoreregex =
# Author: Kenneth Porter
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
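
The two failregex lines from the filter above can be exercised outside Fail2Ban against sample log lines. This is an added example, not part of the original post: PREFIX and HOST are simplified stand-ins (assumptions) for Fail2Ban's %(__prefix_line)s and <HOST> expansions, and the log lines are constructed.

```python
import re

# Simplified stand-in (assumption) for %(__prefix_line)s from common.conf:
# "hostname sendmail[pid]: ". Fail2Ban strips the timestamp before matching.
PREFIX = r"\S+ sendmail\[\d+\]: "
# Simplified stand-in (assumption) for the <HOST> tag, IPv4 only.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex lines from the posted filter, one per case variation.
FAILREGEX = [
    r"^%(__prefix_line)s\w{12,14}: AUTH failure \(LOGIN\): authentication failure \(-13\) SASL\(-13\): authentication failure: checkpass failed, relay=(\S+ )?\[<HOST>\]( \(may be forged\))?$",
    r"^%(__prefix_line)s\w{12,14}: AUTH failure \(Login\): authentication failure \(-13\) SASL\(-13\): authentication failure: checkpass failed, relay=(\S+ )?\[<HOST>\]( \(may be forged\))?$",
]


def compile_filter(patterns):
    """Expand the Fail2Ban placeholders and compile each pattern."""
    return [
        re.compile(p.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST))
        for p in patterns
    ]


COMPILED = compile_filter(FAILREGEX)

TAIL = ("authentication failure (-13) SASL(-13): authentication failure: "
        "checkpass failed, relay=")

# Constructed sample lines (timestamp already removed, documentation IP ranges).
SAMPLE = [
    "mail sendmail[2101]: t3A9x1Yc002101: AUTH failure (LOGIN): " + TAIL + "[192.0.2.10]",
    "mail sendmail[2102]: t3A9x2Yc002102: AUTH failure (Login): " + TAIL
    + "host.example.net [198.51.100.7] (may be forged)",
    "mail sendmail[2103]: t3A9x3Yc002103: from=<a@example.org>, size=1200, relay=[203.0.113.5]",
]


def offending_hosts(lines):
    """Return the host captured from each line that matches any failregex."""
    hits = []
    for line in lines:
        for rx in COMPILED:
            m = rx.search(line)
            if m:
                hits.append(m.group("host"))
                break
    return hits


if __name__ == "__main__":
    print(offending_hosts(SAMPLE))
```

On a real system, fail2ban-regex run against the mail log and the filter file performs the same check with the actual prefix and host expansions.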