fail2ban/config/filter.d/solid-pop3d.conf

33 lines
1.1 KiB
Plaintext
Raw Normal View History

# Fail2Ban filter for unsuccessful solid-pop3 authentication attempts
2013-11-15 22:43:15 +00:00
#
# Doesn't currently provide PAM support as PAM log messages don't include rhost as
# remote IP.
2013-11-15 22:43:15 +00:00
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = solid-pop3d
failregex = ^%(__prefix_line)sauthentication failed: (no such user|can't map user name): .*? - <HOST>$
^%(__prefix_line)s(APOP )?authentication failed for (mapped )?user .*? - <HOST>$
^%(__prefix_line)sroot login not allowed - <HOST>$
^%(__prefix_line)scan't find APOP secret for user .*? - <HOST>$
2013-11-15 22:43:15 +00:00
ignoreregex =
# DEV Notes:
#
# solid-pop3d needs to be compiled with --enable-logextend to support
# IP addresses in log messages.
#
# solid-pop3d-0.15/src/main.c contains all authentication errors
# except for PAM authentication messages ( src/authenticate.c )
#
# A pam authentication failure message (note no IP for rhost).
# Nov 17 23:17:50 emf1pt2-2-35-70 solid-pop3d[17176]: pam_unix(solid-pop3d:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jacques
#
2013-11-15 22:43:15 +00:00
# Authors: Daniel Black