Bug#812690: postfix SASL login failures are not detected

2021-10-12 Thread Mike Gerber

notfound 812690 0.11.2-2

fixed 812690 0.11.2-2

thanks


The rules are working in postfix.conf now, and postfix-sasl.conf is gone.



Bug#812690: postfix SASL login failures are not detected

2016-02-25 Thread Paul Dean
Hi,

Seems this is a slightly wider issue, maybe with just postfix and postfix-sasl 
filters.

The regexes for the filters are missing the port after the host IP that it 
connects to, as this seems to be a new thing that is logged (well, not that I've 
noticed previously).

The "fix" or workaround for this was to add (\d*?:)? after \[<HOST>\]: in the 
two filter conf files.

So for fuller context, the postfix-sasl.conf failregex line would change from:

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$

to

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]:(\d*?:)? SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$

There may be more .conf files that might need the regex updated too.

HTH

Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 
GNU/Linux

libc6:amd64  2.19-18+deb8u3
sasl2-bin    2.1.26.dfsg1-13
postfix      2.11.3-1

-- 

Thanks

Paul Dean.

"Life is not WHAT you make it, it's WHO you have in it..."




Bug#812690: postfix SASL login failures are not detected

2016-01-25 Thread David Galligani

Package: fail2ban
Version: 0.8.13-1

(Same as bug #507990, which is reported as fixed, but it seems it's not :) )


When using postfix with dovecot as the SASL authenticator, fail2ban 
fails to detect auth errors such as this one:


BEGINS
Jan 25 22:25:05  postfix/submission/smtpd[17942]: warning: 
unknown[198.50.137.148]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 25 22:25:23  postfix/submission/smtpd[17942]: warning: 
unknown[198.50.137.148]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 25 22:25:43  postfix/submission/smtpd[17942]: warning: 
unknown[198.50.137.148]: SASL LOGIN authentication failed: Connection 
lost to authentication server

END-

The current regex does not match:

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$


This one (as suggested by Udo Rader in relation to bug#507990) does:


: warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w+




Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u1 (2015-12-14) 
x86_64 GNU/Linux


Libc6: Version: 2.19-18+deb8u1

--
*David Galligani *
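
Added example (not part of the thread and not fail2ban's own code): a small harness that runs the two postfix-sasl failregex lines quoted above against constructed log lines of the shape shown in the report, with and without a port after the bracketed IP. PREFIX and HOST are simplified, assumed stand-ins for fail2ban's `%(__prefix_line)s` and `<HOST>`, the `]:port:` layout is an assumption based on the description in the thread, and the IP is a documentation address.

```python
import re

# Assumption: simplified stand-in for %(__prefix_line)s. The real expansion is
# built from the filter's _daemon setting and may not accept every daemon name.
PREFIX = r"^\w{3} +\d+ [\d:]+ +(?:\S+ )?postfix(?:/\w+)*/smtpd\[\d+\]: "
# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

TAIL = (r" SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
        r"(: [ A-Za-z0-9+/]*={0,2})?\s*$")
# The two failregex variants quoted in the thread, after the prefix.
ORIGINAL = PREFIX + r"warning: [-._\w]+\[<HOST>\]:" + TAIL
PROPOSED = PREFIX + r"warning: [-._\w]+\[<HOST>\]:(\d*?:)?" + TAIL

# Constructed sample lines (hostname "mail" and the port are made up).
HEAD = "Jan 25 22:25:05 mail postfix/submission/smtpd[17942]: "
NO_PORT = HEAD + "warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6"
WITH_PORT = HEAD + "warning: unknown[192.0.2.10]:51234: SASL LOGIN authentication failed: UGFzc3dvcmQ6"
CONN_LOST = HEAD + ("warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: "
                    "Connection lost to authentication server")
CONNECT = HEAD + "connect from unknown[192.0.2.10]"


def banned_host(failregex, line):
    """Return the address the filter would count for this line, or None."""
    match = re.search(failregex.replace("<HOST>", HOST), line)
    return match.group("host") if match else None


if __name__ == "__main__":
    samples = [("no port", NO_PORT), ("with port", WITH_PORT),
               ("connection lost", CONN_LOST), ("plain connect", CONNECT)]
    for name, regex in (("original", ORIGINAL), ("proposed", PROPOSED)):
        for label, line in samples:
            print(f"{name:9} {label:16} -> {banned_host(regex, line)}")
```

On a real system, `fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix-sasl.conf` performs the same check with the full prefix expansion, which is what decides whether lines logged by `postfix/submission/smtpd` are matched at all.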