From 3777591ab0ccb473397ed88ffe4c96d7db893a93 Mon Sep 17 00:00:00 2001 From: Marc Laporte Date: Sat, 5 Jul 2014 11:55:57 -0400 Subject: [PATCH 1/7] typo --- config/jail.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/jail.conf b/config/jail.conf index c42952d8..5c5c7651 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -10,7 +10,7 @@ # # YOU SHOULD NOT MODIFY THIS FILE. # -# It will probably be overwitten or improved in a distribution update. +# It will probably be overwritten or improved in a distribution update. # # Provide customizations in a jail.local file or a jail.d/customisation.local. # For example to change the default bantime for all jails and to enable the From 01d02ca5e69d3f16e8740f08ada09d736d1a13d1 Mon Sep 17 00:00:00 2001 From: Steven Hiscocks Date: Sat, 19 Jul 2014 15:17:32 +0100 Subject: [PATCH 2/7] BF: Remove manually unbanned IPs from persistent database Stops them being restored when Fail2Ban is restarted. Particularly this is an issue with bantime < 0 Fixes gh-768 --- ChangeLog | 2 ++ fail2ban/server/actions.py | 2 ++ fail2ban/server/database.py | 17 ++++++++++++++++- fail2ban/tests/databasetestcase.py | 6 ++++++ 4 files changed, 26 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 60ec9cbc..9ae7b8c3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,8 @@ ver. 0.9.1 (2014/xx/xx) - better, faster, stronger * Per-distribution paths to the exim's main log * Ignored IPs are no longer banned when being restored from persistent database + * Manually unbanned IPs are now removed from persistent database, such they + wont be banned again when Fail2Ban is restarted - New features: - Added monit filter thanks Jason H Martin. diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py index fa0e94df..c8e9c5d9 100644 --- a/fail2ban/server/actions.py +++ b/fail2ban/server/actions.py 
@@ -197,6 +197,8 @@ class Actions(JailThread, Mapping): if ticket is not None: # Unban the IP. self.__unBan(ticket) + if self._jail.database is not None: + self._jail.database.delBan(self._jail, ticket) else: raise ValueError("IP %s is not banned" % ip) diff --git a/fail2ban/server/database.py b/fail2ban/server/database.py index 47f1a485..351d1829 100644 --- a/fail2ban/server/database.py +++ b/fail2ban/server/database.py @@ -368,10 +368,25 @@ class Fail2BanDb(object): #TODO: Implement data parts once arbitrary match keys completed cur.execute( "INSERT INTO bans(jail, ip, timeofban, data) VALUES(?, ?, ?, ?)", - (jail.name, ticket.getIP(), round(ticket.getTime()), + (jail.name, ticket.getIP(), int(round(ticket.getTime())), {"matches": ticket.getMatches(), "failures": ticket.getAttempt()})) + @commitandrollback + def delBan(self, cur, jail, ticket): + """Delete a ban from the database. + + Parameters + ---------- + jail : Jail + Jail in which the ban has occurred. + ticket : BanTicket + Ticket of the ban to be removed. + """ + cur.execute( + "DELETE FROM bans WHERE jail = ? AND ip = ? AND timeofban = ?", + (jail.name, ticket.getIP(), int(round(ticket.getTime())))) + @commitandrollback def _getBans(self, cur, jail=None, bantime=None, ip=None): query = "SELECT ip, timeofban, data FROM bans WHERE 1" diff --git a/fail2ban/tests/databasetestcase.py b/fail2ban/tests/databasetestcase.py index 2cf8577e..f0757e5b 100644 --- a/fail2ban/tests/databasetestcase.py +++ b/fail2ban/tests/databasetestcase.py @@ -173,6 +173,12 @@ class DatabaseTest(unittest.TestCase): self.assertTrue( isinstance(self.db.getBans(jail=self.jail)[0], FailTicket)) + def testDelBan(self): + self.testAddBan() + ticket = self.db.getBans(jail=self.jail)[0] + self.db.delBan(self.jail, ticket) + self.assertEqual(len(self.db.getBans(jail=self.jail)), 0) + def testGetBansWithTime(self): if Fail2BanDb is None: # pragma: no cover return From a786e8a29b29748084c6d375d9bfc6e44c71e0d0 Mon Sep 17 00:00:00 2001 
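Review bot: In the fail2ban/server/actions.py hunk the database row is removed only after `self.__unBan(ticket)` has already run, so a failing `delBan` leaves the address unbanned in the firewall but still persisted. The caller then sees an error for an unban that took effect, and the row can bring the ban back on restart. Whether `@commitandrollback` re-raises is not visible here, so this is inferred; catching the database error at this call and logging it with the IP would make the partial state visible. The two added lines would also benefit from a why-comment such as `# Drop the persisted ban too, otherwise a restart restores it (gh-768)`. The enclosing method starts and ends outside the hunk.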
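Review bot: `delBan` in the fail2ban/server/database.py hunk deletes only the row whose `timeofban` equals `int(round(ticket.getTime()))`, so any other row for the same jail and IP survives. That could be an earlier ban still inside the restore window, or a row whose stored time differs from the in-memory ticket, and it can be restored on restart, which is what this patch set out to stop. A manual unban is meant to clear the address, so matching on jail and IP alone is the safer key: `"DELETE FROM bans WHERE jail = ? AND ip = ?"` with `(jail.name, ticket.getIP())`. The new `testDelBan` covers a single row only; a case with two bans for the same IP would pin this down. The `bans` schema is not visible in the hunk, so whether several rows per IP can exist is an assumption to confirm.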
From: =?UTF-8?q?Sz=C3=A9pe=20Viktor?= Date: Sun, 20 Jul 2014 19:59:54 +0200 Subject: [PATCH 3/7] named users + smtp atuh probes --- config/filter.d/courier-smtp.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/filter.d/courier-smtp.conf b/config/filter.d/courier-smtp.conf index 2b9a13f2..7a3b9895 100644 --- a/config/filter.d/courier-smtp.conf +++ b/config/filter.d/courier-smtp.conf @@ -12,7 +12,8 @@ before = common.conf _daemon = courieresmtpd -failregex = ^%(__prefix_line)serror,relay=,.*: 550 User unknown\.$ +failregex = ^%(__prefix_line)serror,relay=,.*: 550 User (<.*> )?unknown(\.)?$ + ^%(__prefix_line)serror,relay=,msg="535 Authentication failed\.",cmd: (AUTH PLAIN )?[0-9a-zA-Z\+/=]+$ ignoreregex = From d757ef584f7928086f439da5653031019eeb4110 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sz=C3=A9pe=20Viktor?= Date: Sun, 20 Jul 2014 21:09:10 +0200 Subject: [PATCH 4/7] Update courier-smtp.conf --- config/filter.d/courier-smtp.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/filter.d/courier-smtp.conf b/config/filter.d/courier-smtp.conf index 7a3b9895..9447de40 100644 --- a/config/filter.d/courier-smtp.conf +++ b/config/filter.d/courier-smtp.conf @@ -13,7 +13,7 @@ before = common.conf _daemon = courieresmtpd failregex = ^%(__prefix_line)serror,relay=,.*: 550 User (<.*> )?unknown(\.)?$ - ^%(__prefix_line)serror,relay=,msg="535 Authentication failed\.",cmd: (AUTH PLAIN )?[0-9a-zA-Z\+/=]+$ + ^%(__prefix_line)serror,relay=,msg="535 Authentication failed\.",cmd:( AUTH \S+)?( [0-9a-zA-Z\+/=]+)?$ ignoreregex = From 9c4f9a3de8c2394a2f098365756c6d0853727366 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sz=C3=A9pe=20Viktor?= Date: Sun, 20 Jul 2014 21:13:55 +0200 Subject: [PATCH 5/7] added Jul 3 & Jul 4 --- fail2ban/tests/files/logs/courier-smtp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fail2ban/tests/files/logs/courier-smtp b/fail2ban/tests/files/logs/courier-smtp index 212df3b4..33463bab 100644 
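Review bot: In the first `failregex` of config/filter.d/courier-smtp.conf (PATCH 3/7 hunk) the new optional group `(<.*> )?` puts a greedy `.*` directly behind the existing `.*:`, and both run over envelope text chosen by the remote client. The expression stays anchored at both ends, but the overlapping wildcards let the bracketed part span more than one address and add backtracking on long lines that end up not matching. A bounded class states the intent: `(<[^>]*> )?`. The same group is carried unchanged through the PATCH 4/7 and PATCH 7/7 hunks.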
--- a/fail2ban/tests/files/logs/courier-smtp +++ b/fail2ban/tests/files/logs/courier-smtp @@ -1,5 +1,9 @@ # failJSON: { "time": "2005-04-10T03:47:57", "match": true , "host": "1.2.3.4" } Apr 10 03:47:57 web courieresmtpd: error,relay=::ffff:1.2.3.4,ident=tmf,from=,to=: 550 User unknown. +# failJSON: { "time": "2004-07-03T23:07:20", "match": true , "host": "1.2.3.4" } +Jul 3 23:07:20 szerver courieresmtpd: error,relay=::ffff:1.2.3.4,msg="535 Authentication failed.",cmd: YWRvYmVhZG9iZQ== +# failJSON: { "time": "2004-07-04T18:39:39", "match": true , "host": "1.2.3.4" } +Jul 4 18:39:39 mail courieresmtpd: error,relay=::ffff:1.2.3.4,from=,to=: 550 User unknown # failJSON: { "time": "2005-07-06T03:42:28", "match": true , "host": "1.2.3.4" } Jul 6 03:42:28 whistler courieresmtpd: error,relay=::ffff:1.2.3.4,from=<>,to=: 550 User unknown. # failJSON: { "time": "2004-11-21T23:16:17", "match": true , "host": "1.2.3.4" } From 68bf5a1c3638732a3ef520dc7638eacda2a9b393 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sz=C3=A9pe=20Viktor?= Date: Sun, 20 Jul 2014 21:23:57 +0200 Subject: [PATCH 6/7] I don't understand those years. --- fail2ban/tests/files/logs/courier-smtp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fail2ban/tests/files/logs/courier-smtp b/fail2ban/tests/files/logs/courier-smtp index 33463bab..7beaf856 100644 --- a/fail2ban/tests/files/logs/courier-smtp +++ b/fail2ban/tests/files/logs/courier-smtp 
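Review bot: No sample in the fail2ban/tests/files/logs/courier-smtp hunk (PATCH 5/7) exercises the optional `( AUTH \S+)?` branch that the second failregex accepts; the two added lines cover only the bare base64 `cmd:` form and `550 User unknown` without the trailing dot. A regression in that branch would therefore pass the filter tests unnoticed. Add a line of the shape `Jul 3 23:07:21 szerver courieresmtpd: error,relay=::ffff:1.2.3.4,msg="535 Authentication failed.",cmd: AUTH PLAIN AAAA` (constructed sample) with its `# failJSON` header. As far as this hunk shows, the `User <address> unknown` form also has no sample, though the rest of the file is outside the hunk.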
@@ -1,8 +1,8 @@ # failJSON: { "time": "2005-04-10T03:47:57", "match": true , "host": "1.2.3.4" } Apr 10 03:47:57 web courieresmtpd: error,relay=::ffff:1.2.3.4,ident=tmf,from=,to=: 550 User unknown. -# failJSON: { "time": "2004-07-03T23:07:20", "match": true , "host": "1.2.3.4" } +# failJSON: { "time": "2005-07-03T23:07:20", "match": true , "host": "1.2.3.4" } Jul 3 23:07:20 szerver courieresmtpd: error,relay=::ffff:1.2.3.4,msg="535 Authentication failed.",cmd: YWRvYmVhZG9iZQ== -# failJSON: { "time": "2004-07-04T18:39:39", "match": true , "host": "1.2.3.4" } +# failJSON: { "time": "2005-07-04T18:39:39", "match": true , "host": "1.2.3.4" } Jul 4 18:39:39 mail courieresmtpd: error,relay=::ffff:1.2.3.4,from=,to=: 550 User unknown # failJSON: { "time": "2005-07-06T03:42:28", "match": true , "host": "1.2.3.4" } Jul 6 03:42:28 whistler courieresmtpd: error,relay=::ffff:1.2.3.4,from=<>,to=: 550 User unknown. From 143a55bf26de76ecac332f43c03cd9542e2ccd48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sz=C3=A9pe=20Viktor?= Date: Mon, 28 Jul 2014 12:51:38 +0200 Subject: [PATCH 7/7] Update courier-smtp.conf --- config/filter.d/courier-smtp.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/filter.d/courier-smtp.conf b/config/filter.d/courier-smtp.conf index 9447de40..7df385bf 100644 --- a/config/filter.d/courier-smtp.conf +++ b/config/filter.d/courier-smtp.conf @@ -12,7 +12,7 @@ before = common.conf _daemon = courieresmtpd -failregex = ^%(__prefix_line)serror,relay=,.*: 550 User (<.*> )?unknown(\.)?$ +failregex = ^%(__prefix_line)serror,relay=,.*: 550 User (<.*> )?unknown\.?$ ^%(__prefix_line)serror,relay=,msg="535 Authentication failed\.",cmd:( AUTH \S+)?( [0-9a-zA-Z\+/=]+)?$ ignoreregex =