Hello Andrea!
I don't use Cyrus, so my filter.d/cyrus-imap.conf was the default one.
The failregex is
failregex = ^%(__prefix_line)sbadlogin: [^\[]*\[<HOST>\] \S+
.*?\[?SASL\(-13\): (authentication failure|user not found): .*\]?$
(line break added by mail client)
and it matches a file i created with your log example. The content of
my test file:
Oct 28 17:42:02 2345 imaps[93940]: badlogin: [222.2.1.45] plaintext
yyyyyyy SASL(-13): authentication failure: checkpass failed
Oct 28 17:42:02 3456 imaps[93941]: badlogin: [118.1.56.3] plaintext
yyyyyyy SASL(-13): authentication failure: checkpass failed
Happy testing!
tim
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
