Hi,
I have a Fedora 23 system with fail2ban-0.9.3 and firewalld. I'm having
difficulty matching the following, and hoped someone could help:
May 22 13:17:58 email postfix/submission/smtpd[13700]: warning: cpe-24-162-143-15.hot.res.rr.com[24.162.143.15]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
I can match with something like the following:
failregex = .*warning: .*\[<HOST>\]: SASL LOGIN authentication failed:.*$
but I'd like to figure out why I can't match on the more specific
pattern involving postfix/submission/smtpd[13700].
I've tried variations like:
_daemon = postfix/(submission/)?smtp(d|s)
failregex = ^%(__prefix_line)semail %(_daemon)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
Much of this was from an existing fail2ban filter.
Thanks for any ideas,
Alex
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
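
One way to see where the more specific pattern from the post stops matching, as an added example that is not part of the original message: the script expands the failregex by hand and reports how far into the log line it gets. PREFIX and HOST are constructed stand-ins, not fail2ban's own definitions of %(__prefix_line)s and <HOST>, and the helper names are hypothetical, so the result describes the hand-expanded pattern only.

```python
import re

# Log line from the post, re-joined onto one line.
LINE = ("May 22 13:17:58 email postfix/submission/smtpd[13700]: warning: "
        "cpe-24-162-143-15.hot.res.rr.com[24.162.143.15]: "
        "SASL LOGIN authentication failed: UGFzc3dvcmQ6")

# Assumptions (not fail2ban's real definitions): PREFIX stands in for
# %(__prefix_line)s and consumes only the timestamp; HOST is a simplified
# IPv4-only replacement for the <HOST> tag.
PREFIX = r"\w{3} +\d+ \d\d:\d\d:\d\d "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
DAEMON = r"postfix/(submission/)?smtp(d|s)"          # _daemon from the post

BROAD = r".*warning: .*\[<HOST>\]: SASL LOGIN authentication failed:.*$"
SPECIFIC = (r"^%(__prefix_line)semail %(_daemon)swarning: "
            r"[-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) "
            r"authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$")
# Same pattern with the "[pid]: " text accounted for (stand-in prefix only).
WITH_PID = SPECIFIC.replace("%(_daemon)s", r"%(_daemon)s\[\d+\]: ")

def expand(failregex):
    """Substitute the %(...)s variables and <HOST> by hand."""
    return (failregex.replace("%(__prefix_line)s", PREFIX)
                     .replace("%(_daemon)s", DAEMON)
                     .replace("<HOST>", HOST))

def find_host(failregex, line=LINE):
    """Return the captured host, or None when the pattern does not match."""
    m = re.search(expand(failregex), line)
    return m.group("host") if m else None

def furthest_match(failregex, line=LINE):
    """Try every truncation of the pattern that still compiles and return
    the part of the line the longest-reaching one consumed."""
    pattern, best = expand(failregex), 0
    for cut in range(1, len(pattern) + 1):
        try:
            m = re.match(pattern[:cut], line)
        except re.error:
            continue                      # cut fell inside a group or escape
        if m:
            best = max(best, m.end())
    return line[:best]

if __name__ == "__main__":
    for name, rx in (("broad", BROAD), ("specific", SPECIFIC), ("with pid", WITH_PID)):
        print(f"{name:9s}->", find_host(rx))
    print("specific stopped after:", repr(furthest_match(SPECIFIC)))
```

fail2ban-regex, which ships with fail2ban, runs a filter against a log line using the real expansions and is the authoritative check.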