Update exim

When using Dovecot authentication for Exim, which is relatively common, the current regex for catching authentication failures needs a small tweak. The current plain|login options are too limiting and will only work in the cases when only the Exim's rudimentary built-in authentication is used. There can be not only the dovecot_login shown in this log example, but also dovecot_plain, ntlm, cram, cyrus, md5, and plenty of others. In fact many admins may opt for their own authentication labels, when setting up Exim. For this reason the regex should catch any label. I suggest modifying the regex in the following way: <pre>^%(pid)s \w+ authenticator failed for (\S+ )?$\S+$ \[<HOST>\]: 535 Incorrect authentication data( $set_id=.*$|: \d+ Time$s$)?\s*$</pre>
2014-01-13 01:18:09 +01:00 · 2014-01-13 01:18:09 +01:00 · 9f107403e8
parent 4d4060930b
commit 9f107403e8
1 changed files with 3 additions and 0 deletions
--- a/testcases/files/logs/exim
+++ b/testcases/files/logs/exim
@ -37,3 +37,6 @@

 # failJSON: { "time": "2013-09-02T09:19:07", "match": true , "host": "118.233.20.68" }
 2013-09-02 09:19:07 login authenticator failed for (gkzwsoju) [118.233.20.68]: 535 Incorrect authentication data
+
+# failJSON: { "time": "2014-01-12T02:07:48", "match": true , "host": "85.214.85.40" }
+2014-01-12 02:07:48 dovecot_login authenticator failed for h1832461.stratoserver.net (User) [85.214.85.40]: 535 Incorrect authentication data (set_id=scanner)