From f4c7c8f4b303b8d450ea7a1073fb6ea23b7a186b Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Sat, 5 Oct 2013 18:59:41 +1000
Subject: [PATCH 1/3] ENH: sasl - anchor regex at start
---
ChangeLog | 1 +
config/filter.d/sasl.conf | 20 +++++++-------------
2 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 46b12528..295d7156 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -80,6 +80,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests linux-pam before version 0.99.2.0 (2005) * filter.d/gssftpd - anchored regex at start * filter.d/mysqld-auth.conf - mysql can use syslog
+ * filter.d/sasl - anchor at start and base on syslog
* fail2ban-regex - now generates http://www.debuggex.com urls for debugging regular expressions with the -D parameter. * filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian
diff --git a/config/filter.d/sasl.conf b/config/filter.d/sasl.conf
index 6c4aeba7..c720abc1 100644
--- a/config/filter.d/sasl.conf
+++ b/config/filter.d/sasl.conf
@@ -4,19 +4,13 @@ # #
+[INCLUDES]
+
+before = common.conf
+
[Definition]
-# Option: failregex
-# Notes.: regex to match the password failures messages in the logfile. The
-# host must be matched by a group named "host". The tag "" can
-# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P[\w\-.^_]+)
-# Values: TEXT
-#
-failregex = (?i): warning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
+_daemon = postfix/smtpd
+
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
-# Option: ignoreregex
-# Notes.: regex to ignore. If this regex matches, the line is ignored.
-# Values: TEXT
-#
-ignoreregex =
From 4ecc063bd016fe9bc662028e548f93dccc1c2294 Mon Sep 17 00:00:00 2001
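Review bot: The new `_daemon = postfix/smtpd` line in config/filter.d/sasl.conf ties the anchored failregex to a single syslog tag, assuming `__prefix_line` in common.conf (not shown in this patch) is built from `_daemon`. A Postfix instance that logs under a different `syslog_name`, such as a separate submission service, would then presumably stop matching, and its failed SASL logins would go unbanned, whereas the old pattern accepted `: warning:` anywhere in the line. Consider a broader `_daemon` value, or at least a comment above it such as `# _daemon must match the syslog tag of every smtpd instance that accepts AUTH`. The rewrite also drops the `(?i)` flag without saying so; that looks harmless for Postfix's fixed message text but deserves a mention in the ChangeLog entry.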
From: Daniel Black
Date: Tue, 22 Oct 2013 22:40:29 +1100
Subject: [PATCH 2/3] ENH: rename filter.d/sasl -> filter.d/postfix-sasl
---
ChangeLog | 3 ++-
config/filter.d/{sasl.conf => postfix-sasl.conf} | 0
config/jail.conf | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
rename config/filter.d/{sasl.conf => postfix-sasl.conf} (100%)
diff --git a/ChangeLog b/ChangeLog
index 295d7156..29f617d4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -80,7 +80,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests linux-pam before version 0.99.2.0 (2005) * filter.d/gssftpd - anchored regex at start * filter.d/mysqld-auth.conf - mysql can use syslog
- * filter.d/sasl - anchor at start and base on syslog
+ * filter.d/postfix-sasl - renamed from sasl, anchor at start and base on
+ syslog
* fail2ban-regex - now generates http://www.debuggex.com urls for debugging regular expressions with the -D parameter. * filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian
diff --git a/config/filter.d/sasl.conf b/config/filter.d/postfix-sasl.conf
similarity index 100%
rename from config/filter.d/sasl.conf
rename to config/filter.d/postfix-sasl.conf
diff --git a/config/jail.conf b/config/jail.conf
index 80b774e5..88baf57f 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -83,7 +83,7 @@ maxretry = 6 [sasl-iptables] enabled = false
-filter = sasl
+filter = postfix-sasl
backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, dest=you@example.com]
From 92f9e049ee77032c09d1e5114ee3e5d3a96f4fb6 Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Tue, 22 Oct 2013 22:44:49 +1100
Subject: [PATCH 3/3] TST: rename test log file to match
---
testcases/files/logs/{sasl => postfix-sasl} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename testcases/files/logs/{sasl => postfix-sasl} (100%)
diff --git a/testcases/files/logs/sasl b/testcases/files/logs/postfix-sasl
similarity index 100%
rename from testcases/files/logs/sasl
rename to testcases/files/logs/postfix-sasl