Hi,
I'm using fail2ban-0.11 on fedora33 and would like to add the
following syslog entry to my postfix file:
Jul 15 18:41:26 cipher postfix/submission/smtpd[1935971]: warning:
wsip-24-249-23-200.ks.ks.cox.net[24.249.23.200]: SASL LOGIN
authentication failed: UGFzc3dvcmQ6
I see several SASL entries in there already, but none appear to match:
mdpr-auth = warning:
mdre-auth = ^[^[]*\[<HOST>\]%(_port)s: SASL
((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:(?!
Connection lost to authentication server| Invalid authentication
mechanism)
mdre-auth2= ^[^[]*\[<HOST>\]%(_port)s: SASL
((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:(?!
Connection lost to authentication server)
Is the proper procedure to create an mdre-auth3, then add it to the
mdre-aggressive line?
mdre-aggressive = %(mdre-auth2)s
%(mdre-normal)s
Thanks,
Alex
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
