filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)

ChangeLog

@@ -46,6 +46,7 @@ ver. 0.10.6-dev (20??/??/??) - development edition
   so would bother the action interpolation
 * `filter.d/common.conf`: avoid substitute of default values in related `lt_*` section, `__prefix_line`
   should be interpolated in definition section (inside the filter-config, gh-2650)
+* `filter.d/courier-smtp.conf`: prefregex extended to consider port in log-message (gh-2697)
 
 ### New Features
 

config/filter.d/courier-smtp.conf

@@ -12,7 +12,7 @@ before = common.conf
 
 _daemon = courieresmtpd
 
-prefregex = ^%(__prefix_line)serror,relay=<HOST>,<F-CONTENT>.+</F-CONTENT>$
+prefregex = ^%(__prefix_line)serror,relay=<HOST>,(?:port=\d+,)?<F-CONTENT>.+</F-CONTENT>$
 
 failregex = ^[^:]*: 550 User (<.*> )?unknown\.?$
             ^msg="535 Authentication failed\.",cmd:( AUTH \S+)?( [0-9a-zA-Z\+/=]+)?(?: \S+)$

fail2ban/tests/files/logs/courier-smtp

@@ -12,3 +12,5 @@ Nov 21 23:16:17 server courieresmtpd: error,relay=::ffff:1.2.3.4,from=<>,to=<>:
 Aug 14 12:51:04 HOSTNAME courieresmtpd: error,relay=::ffff:1.2.3.4,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.
 # failJSON: { "time": "2004-08-14T12:51:04", "match": true , "host": "1.2.3.4" }
 Aug 14 12:51:04 mail.server courieresmtpd[26762]: error,relay=::ffff:1.2.3.4,msg="535 Authentication failed.",cmd: AUTH PLAIN AAAAABBBBCCCCWxlZA== admin
+# failJSON: { "time": "2004-08-14T12:51:05", "match": true , "host": "192.0.2.3" }
+Aug 14 12:51:05 mail.server courieresmtpd[425070]: error,relay=::ffff:192.0.2.3,port=43632,msg="535 Authentication failed.",cmd: AUTH LOGIN PlcmSpIp@example.com