Thanks René ! After some googling I found another regex used in a a couple pages :
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: Found it in the following pages (annotated w/ Genius so that you can jump right to the line) : - https://genius.it/14815492/www.howtoforge.com/community/threads/fail2ban-postfix-sasl-conf-not-working-with-default-regex-filter.71081/ - https://genius.it/14815509/ubuntuforums.org/showthread.php?t=2278453 - https://genius.it/14815513/wiki.evolix.org/HowtoFail2Ban - https://genius.it/14815523/www.developpez.net/template/sc18bp0d0.jpg It seems like the (?i) is a kind of ignore case flag used for the whole regex. Wouldn't that slow down things ? I prefer your version which targets the only other possible spelling. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
