From 262616f7a7dde76ad64162a38852e4f052adee42 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Tue, 1 Oct 2013 22:32:57 +1000 Subject: [PATCH] ENH: filter.d/uwimap-auth - failure of an admin override to regex --- config/filter.d/uwimap-auth.conf | 1 + testcases/files/logs/uwimap-auth | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/config/filter.d/uwimap-auth.conf b/config/filter.d/uwimap-auth.conf index 5e39fbbf..b166f3fc 100644 --- a/config/filter.d/uwimap-auth.conf +++ b/config/filter.d/uwimap-auth.conf @@ -11,5 +11,6 @@ before = common.conf _daemon = (?:ipop3d|imapd) failregex = ^%(__prefix_line)sLogin (?:failed|excessive login failures|disabled|SYSTEM BREAK-IN ATTEMPT) user=\S* auth=\S* host=.*\[\]\s*$ + ^%(__prefix_line)sFailed .* override of user=.* host=.*\[\]\s*$ ignoreregex = diff --git a/testcases/files/logs/uwimap-auth b/testcases/files/logs/uwimap-auth index ee141bd4..71317922 100644 --- a/testcases/files/logs/uwimap-auth +++ b/testcases/files/logs/uwimap-auth @@ -16,3 +16,7 @@ Apr 8 16:32:01 abdon imapd[29087]: Login excessive login failures user=brada aut # http://www.howtoforge.com/forums/showthread.php?t=3786 # failJSON: { "time": "2005-04-08T16:32:01", "match": true , "host": "127.0.0.1" } Apr 8 16:32:01 abdon imapd[21172]: Login disabled user=test auth=test host=localhost.localdomain [127.0.0.1] + +# http://mailman2.u.washington.edu/pipermail/imap-uw/2008-February/001889.html +# failJSON: { "time": "2005-02-23T12:36:01", "match": true , "host": "127.0.55.22" } +Feb 23 12:36:01 r2 imapd[3473]: Failed uwmaster override of user=pro1 host=r22.j.de [127.0.55.22]