Hello Andrea!
I don't use Cyrus, so my filter.d/cyrus-imap.conf was the default one.
The failregex is

failregex = ^%(__prefix_line)sbadlogin: [^\[]*\[<HOST>\] \S+
.*?\[?SASL\(-13\): (authentication failure|user not found): .*\]?$

(line break added by mail client)

and it matches a file I created with your log example. The content of
my test file:

Oct 28 17:42:02 2345 imaps[93940]: badlogin: [222.2.1.45] plaintext yyyyyyy SASL(-13): authentication failure: checkpass failed
Oct 28 17:42:02 3456 imaps[93941]: badlogin: [118.1.56.3] plaintext yyyyyyy SASL(-13): authentication failure: checkpass failed

Happy testing!

    tim
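
Added example, not part of the original message and not fail2ban's own code: a small offline check of the failregex quoted above against the two quoted log lines, including the case where a mail client has wrapped them. `PREFIX_LINE`, `HOST` and `TIMESTAMP` are simplified stand-ins assumed here for fail2ban's real `__prefix_line`, `<HOST>` and date handling; the third sample line is constructed.

```python
import re

# failregex as quoted in the message, rejoined onto one line.
FAILREGEX = (r"^%(__prefix_line)sbadlogin: [^\[]*\[<HOST>\] \S+ "
             r".*?\[?SASL\(-13\): (authentication failure|user not found): .*\]?$")

# Assumptions: simplified stand-ins, narrower than fail2ban's real expansions.
PREFIX_LINE = r"\S+ \S+\[\d+\]: "                      # "<host> <daemon>[<pid>]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"            # IPv4 only
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")

# Log lines from the message, wrapped the way the mail client wrapped them,
# plus one constructed successful login that must not match.
SAMPLE = """\
Oct 28 17:42:02 2345 imaps[93940]: badlogin: [222.2.1.45] plaintext
yyyyyyy SASL(-13): authentication failure: checkpass failed
Oct 28 17:42:02 3456 imaps[93941]: badlogin: [118.1.56.3] plaintext
yyyyyyy SASL(-13): authentication failure: checkpass failed
Oct 28 17:42:05 3456 imaps[93942]: login: [192.0.2.10] someuser plaintext User logged in
""".splitlines()

def compile_failregex(failregex=FAILREGEX):
    """Substitute the stand-ins for the fail2ban tags and compile."""
    expanded = failregex.replace("%(__prefix_line)s", PREFIX_LINE)
    return re.compile(expanded.replace("<HOST>", HOST))

def rejoin_wrapped(lines):
    """A line without a leading syslog timestamp continues the previous entry."""
    entries = []
    for line in lines:
        if not line.strip():
            continue
        if TIMESTAMP.match(line) or not entries:
            entries.append(line.rstrip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def failed_hosts(lines):
    """Return the address captured from every entry the failregex matches."""
    rx = compile_failregex()
    hosts = []
    for entry in rejoin_wrapped(lines):
        # The timestamp is removed before matching, as assumed for this sketch.
        m = rx.search(TIMESTAMP.sub("", entry, count=1))
        if m:
            hosts.append(m.group("host"))
    return hosts

if __name__ == "__main__":
    print(failed_hosts(SAMPLE))
```

On a host with fail2ban installed, `fail2ban-regex` run against the test file and the filter file performs this check with the real expansions.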


