filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)

ChangeLog

@@ -39,6 +39,7 @@ releases.
     - fixed failregex of "AUTH command used when not advertised" to better handle the foreign
       input SMTP command (lower/mixed case auth command, prevent injection) (gh-1979)
 * filter.d/postfix-*.conf - added optional port regex (gh-1902)
+* filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
 
 ### New Features
 

config/filter.d/sendmail-auth.conf

@@ -7,7 +7,7 @@ before = common.conf
 
 [Definition]
 
-_daemon = (?:sm-(mta|acceptingconnections))
+_daemon = (?:sendmail|sm-(?:mta|acceptingconnections))
 
 failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$
 

fail2ban/tests/files/logs/sendmail-auth

@@ -10,3 +10,7 @@ Feb 24 12:10:15 kismet sm-acceptingconnections[32053]: s1OHA28u032053: 211-75-6-
 
 # failJSON: { "time": "2005-02-24T13:00:17", "match": true , "host": "95.70.241.192" }
 Feb 24 13:00:17 kismet sm-acceptingconnections[1499]: s1OHxxSn001499: 192.241.70.95.dsl.static.turk.net [95.70.241.192] (may be forged): possible SMTP attack: command=AUTH, count=6
+
+# gh-1632, Fedora 24/RHEL - the daemon name is "sendmail":
+# failJSON: { "time": "2005-02-24T14:00:00", "match": true , "host": "192.0.2.1" }
+Feb 24 14:00:00 server sendmail[26592]: u0CB32qX026592: [192.0.2.1]: possible SMTP attack: command=AUTH, count=5