From 81b3dbde1deab56955748277ef682523f6d862b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?=
Date: Thu, 11 Dec 2014 00:10:37 +0100
Subject: [PATCH 1/3] postfix-sasl failregex case insensitive
---
 config/filter.d/postfix-sasl.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/filter.d/postfix-sasl.conf b/config/filter.d/postfix-sasl.conf
index 35b064d3..e038b695 100644
--- a/config/filter.d/postfix-sasl.conf
+++ b/config/filter.d/postfix-sasl.conf
@@ -9,7 +9,7 @@ before = common.conf
 _daemon = postfix/(submission/)?smtp(d|s)
-failregex = ^%(__prefix_line)swarning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
 ignoreregex =
From 190f55b06e531f06b425505909de9c8561ae6dff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?=
Date: Thu, 11 Dec 2014 01:34:20 +0100
Subject: [PATCH 2/3] Added an item to "Fixes"
---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ChangeLog b/ChangeLog
index 690b168a..c3c314af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,7 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
 multiple expressions was not possible).
 * filters.d/exim.conf - cover different settings of exim logs details. Thanks bes.internal
+ * filter.d/postfix-sasl.conf - failregex is now case insensitive
 - New Features:
 - New interpolation feature for config readers - `%(known/parameter)s`.
From a9b6a3754b723001b26a87a2b3b1079754b83bfc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?=
Date: Thu, 11 Dec 2014 21:01:52 +0100
Subject: [PATCH 3/3] downcase example
---
 fail2ban/tests/files/logs/postfix-sasl | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/fail2ban/tests/files/logs/postfix-sasl b/fail2ban/tests/files/logs/postfix-sasl
index 697ac424..46c1e9da 100644
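Review bot: The `(?i)` in the new `failregex` sits inside the mechanism group, but Python's `re` treats a bare `(?i)` as a whole-pattern flag wherever it appears, so the entire line is matched case-insensitively, not only the SASL mechanism name. Newer Python releases first deprecate and then reject a global flag that is not at the start of the expression, and a failregex that fails to compile would leave SASL authentication failures unbanned. The change also turns the non-capturing `(?:` into a capturing `(`, which nothing in this hunk appears to need. Stating the scope openly should be safer: move the flag to the front, `failregex = (?i)^%(__prefix_line)swarning: …`, keep `SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5)` as it was, and add a comment such as `# (?i) applies to the whole expression; mechanism names also appear in lower case, e.g. "SASL login"`.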
--- a/fail2ban/tests/files/logs/postfix-sasl
+++ b/fail2ban/tests/files/logs/postfix-sasl
@@ -8,3 +8,7 @@ Mar 10 13:33:30 gandalf postfix/smtpd[3937]: warning: HOSTNAME[1.1.1.1]: SASL LO
 #3 Example from postfix post-debian changes to rename to add "submission" to syslog name
 # failJSON: { "time": "2004-09-06T00:44:56", "match": true , "host": "82.221.106.233" }
 Sep 6 00:44:56 trianon postfix/submission/smtpd[11538]: warning: unknown[82.221.106.233]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
+
+#4 Example from postfix post-debian changes to rename to add "submission" to syslog name + downcase
+# failJSON: { "time": "2004-09-06T00:44:57", "match": true , "host": "82.221.106.233" }
+Sep 6 00:44:57 trianon postfix/submission/smtpd[11538]: warning: unknown[82.221.106.233]: SASL login authentication failed: UGFzc3dvcmQ6
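Review bot: The added sample #4 covers only lowercase `login`, while the filter change affects every alternative in the group (`PLAIN`, `CRAM-MD5`, `DIGEST-MD5`). A lowercase or mixed-case sample for at least one of the other mechanisms would pin that the flag reaches them and would catch a regression if the regex is later rewritten. The `#4` comment is copied from `#3` with `+ downcase` appended; something like `#4 Same as #3 with the SASL mechanism name in lower case` says what the line actually tests.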