From 534be189dcd43f93182ee14f32ce78e67e5c5084 Mon Sep 17 00:00:00 2001
From: Steven Hiscocks
Date: Sat, 20 Jul 2013 17:26:09 +0100
Subject: [PATCH] ENH: Improve sieve regex and add sample line
---
 config/filter.d/sieve.conf | 11 ++++++++++-
 testcases/files/logs/sieve | 4 ++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/config/filter.d/sieve.conf b/config/filter.d/sieve.conf
index 866b4228..83608fa6 100644
--- a/config/filter.d/sieve.conf
+++ b/config/filter.d/sieve.conf
@@ -4,15 +4,24 @@
 #
 #
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
 [Definition]
+_deamon = (?:cyrus/)?(?:tim)?sieved?
+
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "" can
 # be used for standard IP/hostname matching.
 # Values: TEXT
 #
-failregex = : badlogin: .*\[\] (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failure$
+failregex = ^%(__prefix_line)sbadlogin: \S+ ?\[\] (?:LOGIN|PLAIN|OTP|(?:CRAM|DIGEST)-MD5) authentication failure$
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
diff --git a/testcases/files/logs/sieve b/testcases/files/logs/sieve
index 5cc19673..770d17ad 100644
--- a/testcases/files/logs/sieve
+++ b/testcases/files/logs/sieve
@@ -1,2 +1,6 @@
 # failJSON: { "time": "2004-12-01T20:36:56", "match": true , "host": "1.2.3.4" }
 Dec 1 20:36:56 mail sieve[23713]: badlogin: example.com[1.2.3.4] PLAIN authentication failure
+# failJSON: { "time": "2005-07-18T17:21:58", "match": true , "host": "1.2.3.4" }
+Jul 18 17:21:58 ophelia cyrus/timsieved[12305]: badlogin: example.com[1.2.3.4] PLAIN authentication failure
+# failJSON: { "time": "2004-09-25T22:07:38", "match": true , "host": "1.2.3.4" }
+Sep 25 22:07:38 web9 timsieved[21040]: badlogin: web4[1.2.3.4] OTP authentication failure
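Review bot: The new key under `[Definition]` is spelled `_deamon`, and nothing else in this hunk references that name, so the `(?:cyrus/)?(?:tim)?sieved?` restriction is probably dead. `failregex` now goes through `%(__prefix_line)s`; if the included common.conf builds that prefix from `_daemon` (not visible in this diff), the filter keeps whatever default daemon pattern common.conf ships and accepts a `badlogin:` line logged under any process tag. For a ban filter that matters, because a line from an unrelated or less trusted syslog source could then trigger a ban for the address it names. Rename the key to `_daemon = (?:cyrus/)?(?:tim)?sieved?`. The `\[\]` shown in both regex lines looks like the `<HOST>` tag lost in page extraction rather than something the commit changed.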
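Review bot: Every sample in this file is `"match": true`, so nothing here pins what the tightened filter must reject. Since the regex in sieve.conf is now anchored on the syslog prefix and daemon name, add one negative sample: a `badlogin: ... authentication failure` line logged under a process tag other than sieve/timsieved, annotated `# failJSON: { "match": false }`. That sample would fail if the daemon restriction is not actually applied, which the positive samples cannot show.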