From 3b76fc79f9a6269aca915fc33ea15fcef1709ffb Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Mon, 1 Jul 2013 21:12:51 +1000 Subject: [PATCH] BF: fix dovecot filter for when no TLS is enabled on pop/imap --- ChangeLog | 2 ++ THANKS | 1 + config/filter.d/dovecot.conf | 2 +- testcases/files/logs/dovecot | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 45c6f343..c11215a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ ver. 0.8.11 (2013/XX/XXX) - wanna-be-released - Fixes: Yaroslav Halchenko * filter.d/common.conf -- make colon after [daemon] optional. Closes gh-267 + Daniel Black & Мернов Георгий + * filter.d/dovecot.conf -- Fix when no TLS enabled - line doesn't end in , - New Features: Daniel Black & ykimon * filter.d/3proxy.conf -- filter added diff --git a/THANKS b/THANKS index f8b18daa..eac3c6f0 100644 --- a/THANKS +++ b/THANKS @@ -33,6 +33,7 @@ Mark Edgington Markus Hoffmann Marvin Rouge mEDI +Мернов Георгий Michael C. Haller Michael Hanselmann NickMunger diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf index dd4c35ba..e3702fcf 100644 --- a/config/filter.d/dovecot.conf +++ b/config/filter.d/dovecot.conf @@ -17,7 +17,7 @@ _daemon = dovecot(-auth)? # Values: TEXT # failregex = ^%(__prefix_line)s(pam_unix(?:\(\S+\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=(\s+user=\S*)?\s*$ - ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \((no auth attempts|auth failed, \d+ attempts|tried to use disabled \S+ auth)\):( user=<\S+>,)?( method=\S+,)? rip=, lip=(\d{1,3}\.){3}\d{1,3},( TLS( handshaking)?(: Disconnected)?)?\s*$ + ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \((no auth attempts|auth failed, \d+ attempts|tried to use disabled \S+ auth)\):( user=<\S+>,)?( method=\S+,)? rip=, lip=(?:\d{1,3}\.){3}\d{1,3}(, TLS( handshaking)?(: Disconnected)?)?\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. diff --git a/testcases/files/logs/dovecot b/testcases/files/logs/dovecot index f904a8fe..01df0af3 100644 --- a/testcases/files/logs/dovecot +++ b/testcases/files/logs/dovecot @@ -12,4 +12,5 @@ Jun 14 00:48:21 platypus dovecot: imap-login: Disconnected (auth failed, 1 attem Jun 13 20:48:11 platypus dovecot: pop3-login: Disconnected (no auth attempts): rip=121.44.24.254, lip=113.212.99.194, TLS: Disconnected Jun 13 21:48:06 platypus dovecot: pop3-login: Disconnected: Inactivity (no auth attempts): rip=180.200.180.81, lip=113.212.99.194, TLS Jun 13 20:20:21 platypus dovecot: imap-login: Disconnected (no auth attempts): rip=180.189.168.166, lip=113.212.99.194, TLS handshaking: Disconnected +Jun 23 00:52:43 vhost1-ua dovecot: pop3-login: Disconnected: Inactivity (auth failed, 1 attempts): user=, method=PLAIN, rip=193.95.245.163, lip=176.214.13.210