# Fail2Ban filter for unsuccessful solid-pop3 authentication attempts
#
# PAM authentication failures are not covered: the PAM log messages leave rhost= empty,
# so they carry no remote IP to match.
#
[INCLUDES]
# Read common.conf before this file; the %(__prefix_line)s reference used in failregex
# is expected to be defined there.
before = common.conf
[Definition]
# Process name as it appears in the syslog tag (the sample line in the DEV notes shows
# "solid-pop3d[17176]:"). Presumably consumed by the prefix definitions in common.conf.
_daemon = solid-pop3d
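# One pattern per line; a line matching any of them counts as a failure for <HOST>.
# Every pattern is anchored at both ends: ^ plus the syslog prefix at the start and
# " - <HOST>$" at the end. The user name matched by .*? is supplied by the remote client,
# so the end anchor is what ties <HOST> to the last field of the line (presumably the
# address the daemon itself appends) rather than to text inside the user name.
# Keep both anchors when editing these patterns.
# Continuation lines must stay indented so they are read as part of failregex.
failregex = ^%(__prefix_line)sauthentication failed: (no such user|can't map user name): .*? - <HOST>$
            ^%(__prefix_line)s(APOP )?authentication failed for (mapped )?user .*? - <HOST>$
            ^%(__prefix_line)sroot login not allowed - <HOST>$
            ^%(__prefix_line)scan't find APOP secret for user .*? - <HOST>$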
# Left empty: no line matched by failregex is excluded.
ignoreregex =
# DEV Notes:
#
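# solid-pop3d needs to be compiled with --enable-logextend to support
# IP addresses in log messages. Every failregex above requires the trailing
# " - <HOST>" field, so without that option this filter matches nothing.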
#
# solid-pop3d-0.15/src/main.c contains all authentication errors
# except for PAM authentication messages ( src/authenticate.c )
#
# A PAM authentication failure message (note that rhost= is empty, so there is no IP):
# Nov 17 23:17:50 emf1pt2-2-35-70 solid-pop3d[17176]: pam_unix(solid-pop3d:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jacques
#
# Authors: Daniel Black