From 58b510a5be3b2399a602680d62a15118dad45cd3 Mon Sep 17 00:00:00 2001
From: sebres
Date: Fri, 21 Sep 2018 14:14:00 +0200
Subject: [PATCH 1/2] filter.d/domino-smtp.conf: - recognizes failures logged using another format (something like session-id, IP enclosed in square brackets); - failregex extended to catch connections rejected for policy reasons (gh-2228);
---
 ChangeLog | 3 +++
 config/filter.d/domino-smtp.conf | 9 ++++++---
 fail2ban/tests/files/logs/domino-smtp | 5 +++++
 3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e18b5ec0..30cffd14 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,9 @@ ver. 0.10.4-dev-1 (20??/??/??) - development edition - extended with mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`.
+* `filter.d/domino-smtp.conf`:
+ - recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
+ - failregex extended to catch connections rejected for policy reasons (gh-2228);
 * `action.d/hostsdeny.conf`: fix parameter in config (dynamic parameters stating with '_' are protected and don't allowed in command-actions), see gh-2114;
 * decoding stability fix by wrong encoded characters like utf-8 surrogate pairs, etc (gh-2171):
diff --git a/config/filter.d/domino-smtp.conf b/config/filter.d/domino-smtp.conf
index cdc17736..638cd7c5 100644
--- a/config/filter.d/domino-smtp.conf
+++ b/config/filter.d/domino-smtp.conf
@@ -35,9 +35,12 @@
 # 08-09-2014 06:14:27 smtp: postmaster [1.2.3.4] authentication failure using internet password
 # 08-09-2014 06:14:27 SMTP Server: Authentication failed for user postmaster ; connecting host 1.2.3.4
 
-__prefix = (?:\[[^\]]+\])?\s+
-failregex = ^%(__prefix)sSMTP Server: Authentication failed for user .*? \; connecting host $
- ^%(__prefix)ssmtp: (?:[^\[]+ )*\[\] authentication failure using internet password\s*$
+__prefix = (?:\[[^\]]+\])?\s*
+__opt_data = (?::|\s+\[[^\]]+\])
+failregex = ^%(__prefix)sSMTP Server%(__opt_data)s Authentication failed for user .*? \; connecting host \[?\]?$
+ ^%(__prefix)ssmtp: (?:[^\[]+ )*\[?\]? authentication failure using internet password\s*$
+ ^%(__prefix)sSMTP Server%(__opt_data)s Connection from \[?\]? rejected for policy reasons\.
+
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
 # Values: TEXT
diff --git a/fail2ban/tests/files/logs/domino-smtp b/fail2ban/tests/files/logs/domino-smtp
index 4987e7ea..957d593f 100644
--- a/fail2ban/tests/files/logs/domino-smtp
+++ b/fail2ban/tests/files/logs/domino-smtp
@@ -6,3 +6,8 @@
 08-09-2014 06:14:27 smtp: postmaster [1.2.3.4] authentication failure using internet password
 # failJSON: { "time": "2016-11-07T22:21:20", "match": true , "host": "1.2.3.4" }
 2016-11-07 22:21:20 smtp: postmaster [1.2.3.4] authentication failure using internet password
+
+# failJSON: { "time": "2018-09-19T17:25:50", "match": true , "host": "192.0.2.1", "desc":"different log-format" }
+2018-09-19 17:25:50 SMTP Server [0D14:0027-1334] Authentication failed for user Bad Hacker ; connecting host [192.0.2.1]
+# failJSON: { "time": "2018-09-19T17:25:52", "match": true , "host": "192.0.2.2", "desc":"gh-2228, rejected for policy reasons" }
+2018-09-19 17:25:52 SMTP Server [000527:000013-0000001227564800] Connection from [192.0.2.2] rejected for policy reasons. IP address of connecting host not found in reverse DNS lookup.
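Review bot: The second failregex in config/filter.d/domino-smtp.conf can backtrack exponentially on a line that fails to match, because it keeps the nested repetition `(?:[^\[]+ )*` (the inner `[^\[]+` also matches spaces) and now follows it with an optional `\[?`. The text it scans is the user name from the login attempt, so its length and content are presumably chosen by the remote client, and a slow match holds up processing of the log. `(?:[^\[]+ )?` accepts the same strings without the repeated re-splitting and could replace it. The third pattern also deserves a comment in the file, for example `# also bans hosts rejected by server policy (e.g. no reverse DNS), not only failed logins`, since the sample added for gh-2228 shows a rejection that is not an authentication failure.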
From 2a4c47ea32b2e483746c757896ff0d63a1403f6b Mon Sep 17 00:00:00 2001
From: sebres
Date: Fri, 21 Sep 2018 14:47:40 +0200
Subject: [PATCH 2/2] .travis.yml: coveralls doesn't support python 2.6 now
---
 .travis.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 16a71249..ebfcd68e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -29,8 +29,11 @@ install:
 # Install Python packages / dependencies
 # coverage
 - travis_retry pip install coverage
- # coveralls
- - travis_retry pip install coveralls codecov
+ # coveralls (note coveralls doesn't support 2.6 now):
+ - if [[ $TRAVIS_PYTHON_VERSION != 2.6* ]]; then F2B_COV=1; else F2B_COV=0; fi
+ - if [[ "$F2B_COV" = 1 ]]; then travis_retry pip install coveralls; fi
+ # codecov:
+ - travis_retry pip install codecov
 # dnspython or dnspython3
 - if [[ "$F2B_PY" = 2 ]]; then travis_retry pip install dnspython; fi
 - if [[ "$F2B_PY" = 3 ]]; then travis_retry pip install dnspython3; fi
@@ -51,7 +54,7 @@ script:
 # Doc files should get installed on Travis under Linux
 - test -e /usr/share/doc/fail2ban/FILTERS
 after_success:
- - coveralls
+ - if [[ "$F2B_COV" = 1 ]]; then coveralls; fi
 - codecov
 matrix:
 fast_finish: true