From b1160ab7cae051975a393519e1fddcfa73dab709 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 6 Sep 2006 19:34:03 +0000
Subject: [PATCH] - Added qmail and postfix filters - Updated vsftpd and
 couriersmtp

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@331 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 MANIFEST                         |  2 ++
 config/filter.d/couriersmtp.conf |  2 +-
 config/filter.d/postfix.conf     | 14 ++++++++++++++
 config/filter.d/qmail.conf       | 14 ++++++++++++++
 config/filter.d/vsftpd.conf      |  2 +-
 5 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 config/filter.d/postfix.conf
 create mode 100644 config/filter.d/qmail.conf

diff --git a/MANIFEST b/MANIFEST
index 4dbbf17a..9f386450 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -48,6 +48,8 @@ config/filter.d/vsftpd.conf
 config/filter.d/apache-auth.conf
 config/filter.d/sshd.conf
 config/filter.d/couriersmtp.conf
+config/filter.d/qmail.conf
+config/filter.d/postfix.conf
 config/action.d/iptables.conf
 config/action.d/mail-whois.conf
 config/action.d/dummy.conf
diff --git a/config/filter.d/couriersmtp.conf b/config/filter.d/couriersmtp.conf
index 0a57373f..92d942b6 100644
--- a/config/filter.d/couriersmtp.conf
+++ b/config/filter.d/couriersmtp.conf
@@ -9,6 +9,6 @@
 
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile.
-# Values:  TEXT  Default:  Authentication failure|Failed password|Invalid user
+# Values:  TEXT  Default:
 #
 failregex = error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown
diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf
new file mode 100644
index 00000000..a226d28b
--- /dev/null
+++ b/config/filter.d/postfix.conf
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 267 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile.
+# Values:  TEXT  Default:
+#
+failregex = reject: RCPT from (.*)\[(?P<host>\S*)\]: 554
diff --git a/config/filter.d/qmail.conf b/config/filter.d/qmail.conf
new file mode 100644
index 00000000..082f15cc
--- /dev/null
+++ b/config/filter.d/qmail.conf
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 267 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile.
+# Values:  TEXT  Default:
+#
+failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )(?P<host>\S*)
diff --git a/config/filter.d/vsftpd.conf b/config/filter.d/vsftpd.conf
index f1c82be2..0c992359 100644
--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@@ -11,4 +11,4 @@
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT Default: Authentication failure|Failed password|Invalid user
 #
-failregex = FAIL LOGIN
+failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S*)