Merge branch 'exim' of https://github.com/grooverdan/fail2ban

* 'exim' of https://github.com/grooverdan/fail2ban: BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address ENH: readibility thanks to Yaroslav ENH/BF: exim improvements with sample Conflicts: ChangeLog
2013-06-14 12:28:07 -04:00 · 2013-06-14 12:28:07 -04:00 · 173fe48e77
parent ec629ab4e8 8cc13b5b40
commit 173fe48e77
4 changed files with 10 additions and 4 deletions
--- a/5
+++ b/5
@ -18,8 +18,9 @@ ver. 0.8.11 (2013/XX/XXX) - wanna-be-released
  Daniel Black
   * filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening
     and extra failure examples in sample logs
-  
->>>>>>> 9940cd1b6b0146c2a088edab611e8d77e1d2984d
+  Daniel Black & Georgiy Mernov
+   * filter.d/exim.conf -- regex hardening and extra failure examples in
+     sample logs

 ver. 0.8.10 (2013/06/12) - wanna-be-secure
 -----------
--- a/1
+++ b/1
@ -18,6 +18,7 @@ Daniel Black
 David Nutter
 Eric Gerbier
 Enrico Labedzki
+Georgiy Mernov
 Guillaume Delvit
 Hanno 'Rince' Wagner
 Iain Lea
--- a/config/filter.d/exim.conf
+++ b/config/filter.d/exim.conf
@ -13,8 +13,8 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address)
-             login authenticator failed for .* \[<HOST>\]: 535 Incorrect authentication data \(set_id=.*\)\s*$
+failregex = ^ H=\S+ \(\S+\) \[<HOST>\] sender verify fail for <\S+>: (?:rejected by local_scan|Unrouteable address)\s*$
+             ^ login authenticator failed for (\S+ )?\(\S+\) \[<HOST>\]: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/testcases/files/logs/exim
+++ b/testcases/files/logs/exim
@ -1,2 +1,6 @@
 # From IRC 2013-01-04
 2013-01-04 17:03:46 login authenticator failed for rrcs-24-106-174-74.se.biz.rr.com ([192.168.2.33]) [24.106.174.74]: 535 Incorrect authentication data (set_id=brian)
+# From IRC 2013-06-13 XATRIX (Georgiy Mernov)
+2013-06-12 03:57:58 login authenticator failed for (ylmf-pc) [120.196.140.45]: 535 Incorrect authentication data: 1 Time(s)
+2013-06-12 13:18:11 login authenticator failed for (USER-KVI9FGS9KP) [101.66.165.86]: 535 Incorrect authentication data
+2013-06-10 10:10:59 H=ufficioestampa.it (srv.ufficioestampa.it) [193.169.56.211] sender verify fail for <user@example.com>: Unrouteable address