From 359210f2247e8e845442879aaa581096642554dc Mon Sep 17 00:00:00 2001
From: Daniel Black <grooverdan@users.sourceforge.net>
Date: Tue, 8 Oct 2013 20:37:33 +1100
Subject: [PATCH 1/2] ENH: filter.d/squirrelmail added

---
 config/filter.d/squirrelmail.conf | 4 ++++
 config/jail.conf | 5 +++++
 fail2ban/tests/files/logs/squirrelmail | 3 +++
 3 files changed, 12 insertions(+)
 create mode 100644 config/filter.d/squirrelmail.conf
 create mode 100644 fail2ban/tests/files/logs/squirrelmail

diff --git a/config/filter.d/squirrelmail.conf b/config/filter.d/squirrelmail.conf
new file mode 100644
index 00000000..124ca2f8
--- /dev/null
+++ b/config/filter.d/squirrelmail.conf
@@ -0,0 +1,4 @@
+
+[Definition]
+
+failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect.$
diff --git a/config/jail.conf b/config/jail.conf
index 178a4c5f..3e87fa05 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -448,6 +448,11 @@ logpath = /var/log/mail.log
 port = imap2,imap3,imaps,pop3,pop3s
 logpath = /var/log/maillog
 
+[squirrelmail]
+
+port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks
+logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
+
 #
 # DNS servers
 #
diff --git a/fail2ban/tests/files/logs/squirrelmail b/fail2ban/tests/files/logs/squirrelmail
new file mode 100644
index 00000000..3d1cf982
--- /dev/null
+++ b/fail2ban/tests/files/logs/squirrelmail
@@ -0,0 +1,3 @@
+
+# failJSON: { "time": "2013-10-06T15:50:41", "match": true , "host": "151.64.44.11" }
+10/06/2013 15:50:41 [LOGIN_ERROR] dadas (mydomain.org) from 151.64.44.11: Unknown user or password incorrect.

From f2e55e8499744e6b1f9196d2033e25c53c23c61d Mon Sep 17 00:00:00 2001
From: Daniel Black <grooverdan@users.sourceforge.net>
Date: Sun, 12 Jan 2014 20:27:36 +1100
Subject: [PATCH 2/2] ENH: add filter for squirrelmail. Closes gh-261

---
 ChangeLog | 1 +
 config/filter.d/squirrelmail.conf | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
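Review bot: The `.*` between `\[LOGIN_ERROR\]` and `from <HOST>` in the new `failregex` spans the login name, which the remote client supplies and which is logged ahead of the address, and nothing in the file says why that is acceptable. As far as the visible pattern shows, the fixed tail anchored with `$` keeps `<HOST>` bound to the last `from ...:` on the line, so this is a documentation gap rather than a demonstrated mis-attribution. I would record the reasoning above the expression, e.g. `# .* covers the client-supplied login and domain; <HOST> is the final "from ...:" because the rest of the line is fixed and anchored`. The same wildcard is carried unchanged into this file's hunk in the second patch.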
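Review bot: The new `[squirrelmail]` section gives no reason for its port list, which bans on the SMTP, IMAP and POP3 ports and `socks` as well as `http,https`, although the filter only watches webmail login failures. A one-line comment would tell an administrator whether that breadth is intended, for example `# a failed webmail login also blocks the mail ports; trim to http,https if those run elsewhere`. The `logpath` sits under `squirrelmail/prefs`, presumably a directory the web server can write to, so it is also worth a comment that bans derived from this file are only as trustworthy as its permissions.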
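Review bot: The test log holds a single matching line, so nothing pins what the filter must reject or which address it reports when the login name itself resembles log text. I would add one non-matching entry (`"match": false`) and one entry whose login name contains ` from 192.0.2.1:` (a constructed sample using a documentation-range address), with its `failJSON` still expecting `"host": "151.64.44.11"`. That turns the anchoring of the `failregex` in `config/filter.d/squirrelmail.conf` into a regression test instead of an assumption.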
diff --git a/ChangeLog b/ChangeLog
index 57b03e18..2a78fcdd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,6 +59,7 @@ configuration before relying on it.
 * Filter for stunnel
 * Filter for Counter Strike 1.6. Thanks to onorua for logs.
 Close gh-347
+ * Filter for squirrelmail. Close gh-261
 
 - Enhancements
 * Jail names increased to 26 characters and iptables prefix reduced
diff --git a/config/filter.d/squirrelmail.conf b/config/filter.d/squirrelmail.conf
index 124ca2f8..9defd8d6 100644
--- a/config/filter.d/squirrelmail.conf
+++ b/config/filter.d/squirrelmail.conf
@@ -1,4 +1,13 @@
 
 [Definition]
 
-failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect.$
+failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect\.$
+
+
+[Init]
+
+datepattern = ^%%m/%%d/%%Y %%H:%%M:%%S
+
+# DEV NOTES:
+#
+# Author: Daniel Black
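Review bot: The literal space after `^` in `failregex` reads like a typo unless the reader knows that the timestamp matched by the new `datepattern` is cut from the line before the expression is applied. A comment above it such as `# the leading space is what remains once the date has been removed` would record that dependency between `[Definition]` and `[Init]`. The file also still has no header naming which SquirrelMail log it parses, and no `ignoreregex =` line, which fail2ban filters carry by convention.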