Hi to all,
so I am a step further to get reporting via filter. I tried to register a lot
of events and I get a lot of information, but it seems that the event
smtp failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command
not supported"
is not reported via the API.
Hi Mohamad,
exactly, that's it. Renaming it to auth-logger solved the "syntax error".
Regards
Hagen
On Thu, Jun 23, 2022 at 06:36:46AM -0700, Mohamad Safadieh wrote:
Hi Hagen,
I'm pretty sure "auth" is a reserved keyword. Renaming your filter to something
other than "auth" should fix it.
Regards,
Mohamad
On Thu, Jun 23, 2022, at 6:23 AM, Pete wrote:
Hi,
it says right there in the message...
Line 13 and 26 in /usr/local/etc/mail/smtpd.conf
> service smtpd restart
> Performing sanity check on smtpd configuration:
> /usr/local/etc/mail/smtpd.conf:13: syntax error
> /usr/local/etc/mail/smtpd.conf:26: syntax error
> -
> Any idea where the
Hi Reio,
this is my first filter plus my first Go program, so I might miss something.
This is what I did:
```
pkg install go
git clone https://github.com/whataboutpereira/filter-auth.git
cd filter-auth/
go build filter-auth.go
cp filter-auth /usr/local/libexec/opensmtpd/opensmtpd-filter-auth
```
Hi Reio,
great that looks like a solution for me. I will give it a try.
Regards
Hagen
On Wed, Jun 22, 2022 at 10:16:00PM +0300, Reio Remma wrote:
Filters are indeed the way to go.
I'm personally using a reporter to log failed authentications which I'm
feeding to fail2ban to block.
https://github.com/whataboutpereira/filter-auth
Good luck
Reio
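A minimal reporter of the kind discussed in this thread, as an added example (not code from filter-auth or from any poster): it assumes the report line layout described in smtpd-filters(7) and logs AUTH attempts by source address from `protocol-client` events. The `handle` function and the `auth-attempt` log format are made up for this sketch, and the sample lines in its test are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// handle consumes one smtpd-filters(7) line and returns a log message for an
// AUTH attempt, or "" otherwise. addrs maps session id -> source address.
// Assumed layout: report|version|timestamp|subsystem|event|session|params...
func handle(line string, addrs map[string]string) string {
	f := strings.SplitN(line, "|", 7)
	if len(f) < 6 || f[0] != "report" {
		return ""
	}
	event, sid := f[4], f[5]
	switch event {
	case "link-connect": // params: rdns|fcrdns|src|dest
		if len(f) == 7 {
			if p := strings.Split(f[6], "|"); len(p) >= 3 {
				addrs[sid] = p[2]
			}
		}
	case "link-disconnect": // forget the session so the map cannot grow forever
		delete(addrs, sid)
	case "protocol-client": // params: the raw command sent by the client
		if len(f) == 7 {
			w := strings.Fields(f[6])
			if len(w) >= 2 && strings.EqualFold(w[0], "AUTH") {
				// Log only the mechanism: AUTH PLAIN may carry credentials.
				return fmt.Sprintf("auth-attempt address=%s mechanism=%s", addrs[sid], strings.ToUpper(w[1]))
			}
		}
	}
	return ""
}

func main() {
	addrs := map[string]string{}
	in := bufio.NewScanner(os.Stdin)
	for in.Scan() {
		if in.Text() == "config|ready" { // smtpd finished its side of the handshake
			for _, e := range []string{"link-connect", "link-disconnect", "protocol-client"} {
				fmt.Printf("register|report|smtp-in|%s\n", e)
			}
			fmt.Println("register|ready")
		} else if msg := handle(in.Text(), addrs); msg != "" {
			fmt.Fprintln(os.Stderr, msg) // one line per attempt for a log parser to match
		}
	}
}
```

The source address is logged as smtpd reports it, including the port, so a fail2ban or crowdsec pattern has to strip the port before banning.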
On 22.06.2022 20:56, Pete wrote:
Hi,
the best is probably to implement a custom reporting filter that fits your
needs.
http://man.openbsd.org/man7/smtpd-filters.7
Hi,
I would like to use crowdsec to evaluate my mail logs. My current idea is to
block all users that try to log in on port 25
```
smtp connected address=43.zzz.yy.xx host=
smtp failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command
not supported"
```
So the trigger is