Merge branch '0.10' into 0.11

.travis.yml

@@ -29,8 +29,11 @@ install:
   # Install Python packages / dependencies
   #   coverage
   - travis_retry pip install coverage
-  #   coveralls
-  - travis_retry pip install coveralls codecov
+  #   coveralls (note coveralls doesn't support 2.6 now):
+  - if [[ $TRAVIS_PYTHON_VERSION != 2.6* ]]; then F2B_COV=1; else F2B_COV=0; fi
+  - if [[ "$F2B_COV" = 1 ]]; then travis_retry pip install coveralls; fi
+  #   codecov:
+  - travis_retry pip install codecov
   #   dnspython or dnspython3
   - if [[ "$F2B_PY" = 2 ]]; then travis_retry pip install dnspython; fi
   - if [[ "$F2B_PY" = 3 ]]; then travis_retry pip install dnspython3; fi
@@ -51,7 +54,7 @@ script:
   # Doc files should get installed on Travis under Linux
   - test -e /usr/share/doc/fail2ban/FILTERS
 after_success:
-  - coveralls
+  - if [[ "$F2B_COV" = 1 ]]; then coveralls; fi
   - codecov
 matrix:
   fast_finish: true

ChangeLog

@@ -72,6 +72,9 @@ ver. 0.10.4-dev-1 (20??/??/??) - development edition
   - extended with mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)`
     (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter
     how to set it to mode `normal`.
+* `filter.d/domino-smtp.conf`:
+  - recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
+  - failregex extended to catch connections rejected for policy reasons (gh-2228);
 * `action.d/hostsdeny.conf`: fix parameter in config (dynamic parameters stating with '_' are protected 
   and don't allowed in command-actions), see gh-2114;
 * decoding stability fix by wrong encoded characters like utf-8 surrogate pairs, etc (gh-2171):

config/filter.d/domino-smtp.conf

@@ -35,9 +35,12 @@
 # 08-09-2014 06:14:27   smtp: postmaster [1.2.3.4] authentication failure using internet password
 # 08-09-2014 06:14:27   SMTP Server: Authentication failed for user postmaster ; connecting host 1.2.3.4
 
-__prefix = (?:\[[^\]]+\])?\s+
-failregex = ^%(__prefix)sSMTP Server: Authentication failed for user .*? \; connecting host <HOST>$
-            ^%(__prefix)ssmtp: (?:[^\[]+ )*\[<HOST>\] authentication failure using internet password\s*$
+__prefix = (?:\[[^\]]+\])?\s*
+__opt_data = (?::|\s+\[[^\]]+\])
+failregex = ^%(__prefix)sSMTP Server%(__opt_data)s Authentication failed for user .*? \; connecting host \[?<HOST>\]?$
+            ^%(__prefix)ssmtp: (?:[^\[]+ )*\[?<HOST>\]? authentication failure using internet password\s*$
+            ^%(__prefix)sSMTP Server%(__opt_data)s Connection from \[?<HOST>\]? rejected for policy reasons\.
+
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT

fail2ban/tests/files/logs/domino-smtp

@@ -6,3 +6,8 @@
 08-09-2014 06:14:27   smtp: postmaster [1.2.3.4] authentication failure using internet password
 # failJSON: { "time": "2016-11-07T22:21:20", "match": true , "host": "1.2.3.4" }
 2016-11-07 22:21:20   smtp: postmaster [1.2.3.4] authentication failure using internet password
+
+# failJSON: { "time": "2018-09-19T17:25:50", "match": true , "host": "192.0.2.1", "desc":"different log-format" }
+2018-09-19 17:25:50   SMTP Server [0D14:0027-1334] Authentication failed for user Bad Hacker ; connecting host [192.0.2.1]
+# failJSON: { "time": "2018-09-19T17:25:52", "match": true , "host": "192.0.2.2", "desc":"gh-2228, rejected for policy reasons" }
+2018-09-19 17:25:52   SMTP Server [000527:000013-0000001227564800] Connection from [192.0.2.2] rejected for policy reasons. IP address of connecting host not found in reverse DNS lookup.