Merge pull request #378 from grooverdan/sasl

ENH: filter.d/postfix-sasl - anchor regex at start and rename from filter.d/sasl

ChangeLog

@@ -89,6 +89,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
    * filter.d/gssftpd - anchored regex at start
    * filter.d/sogo-auth - anchor regex at start
    * filter.d/mysqld-auth.conf - mysql can use syslog
+   * filter.d/postfix-sasl - renamed from sasl, anchor at start and base on
+     syslog
    * fail2ban-regex - now generates http://www.debuggex.com urls for debugging
 	 	 regular expressions with the -D parameter.
    * filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian

config/filter.d/postfix-sasl.conf

@@ -0,0 +1,16 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = postfix/smtpd
+
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
+

config/filter.d/sasl.conf

@@ -1,22 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Yaroslav Halchenko
-#
-#
-
-[Definition]
-
-# Option: failregex
-# Notes.: regex to match the password failures messages in the logfile. The
-#          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
-# Values: TEXT
-#
-failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
-
-# Option:  ignoreregex
-# Notes.:  regex to ignore. If this regex matches, the line is ignored.
-# Values:  TEXT
-#
-ignoreregex = 

config/jail.conf

@@ -92,7 +92,7 @@ maxretry = 6
 [sasl-iptables]
 
 enabled  = false
-filter   = sasl
+filter   = postfix-sasl
 backend  = polling
 action   = iptables[name=sasl, port=smtp, protocol=tcp]
            sendmail-whois[name=sasl, dest=you@example.com]