github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'exim' of https://github.com/grooverdan/fail2ban 

* 'exim' of https://github.com/grooverdan/fail2ban:
  BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
  ENH: readibility thanks to Yaroslav
  ENH/BF: exim improvements with sample

Conflicts:
	ChangeLog
pull/265/merge
Yaroslav Halchenko 2013-06-14 12:28:07 -04:00
parent ec629ab4e8 8cc13b5b40
commit 173fe48e77
4 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -18,8 +18,9 @@ ver. 0.8.11 (2013/XX/XXX) - wanna-be-released
Daniel Black Daniel Black
* filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening * filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening
and extra failure examples in sample logs and extra failure examples in sample logs
Daniel Black & Georgiy Mernov
>>>>>>> 9940cd1b6b0146c2a088edab611e8d77e1d2984d * filter.d/exim.conf -- regex hardening and extra failure examples in
sample logs
ver. 0.8.10 (2013/06/12) - wanna-be-secure ver. 0.8.10 (2013/06/12) - wanna-be-secure
----------- -----------

1
THANKS
View File

@ -18,6 +18,7 @@ Daniel Black
David Nutter David Nutter
Eric Gerbier Eric Gerbier
Enrico Labedzki Enrico Labedzki
Georgiy Mernov
Guillaume Delvit Guillaume Delvit
Hanno 'Rince' Wagner Hanno 'Rince' Wagner
Iain Lea Iain Lea

4
config/filter.d/exim.conf
View File

@ -13,8 +13,8 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT # Values: TEXT
# #
failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address) failregex = ^ H=\S+ \(\S+\) \[<HOST>\] sender verify fail for <\S+>: (?:rejected by local_scan|Unrouteable address)\s*$
login authenticator failed for .* \[<HOST>\]: 535 Incorrect authentication data \(set_id=.*\)\s*$ ^ login authenticator failed for (\S+ )?\(\S+\) \[<HOST>\]: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
# Option: ignoreregex # Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored. # Notes.: regex to ignore. If this regex matches, the line is ignored.

4
testcases/files/logs/exim
View File

@ -1,2 +1,6 @@
# From IRC 2013-01-04 # From IRC 2013-01-04
2013-01-04 17:03:46 login authenticator failed for rrcs-24-106-174-74.se.biz.rr.com ([192.168.2.33]) [24.106.174.74]: 535 Incorrect authentication data (set_id=brian) 2013-01-04 17:03:46 login authenticator failed for rrcs-24-106-174-74.se.biz.rr.com ([192.168.2.33]) [24.106.174.74]: 535 Incorrect authentication data (set_id=brian)
# From IRC 2013-06-13 XATRIX (Georgiy Mernov)
2013-06-12 03:57:58 login authenticator failed for (ylmf-pc) [120.196.140.45]: 535 Incorrect authentication data: 1 Time(s)
2013-06-12 13:18:11 login authenticator failed for (USER-KVI9FGS9KP) [101.66.165.86]: 535 Incorrect authentication data
2013-06-10 10:10:59 H=ufficioestampa.it (srv.ufficioestampa.it) [193.169.56.211] sender verify fail for <user@example.com>: Unrouteable address