mirror of https://github.com/fail2ban/fail2ban
Fix ASSP filter to work with current release of ASSP
ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP.
pull/1494/head
parent
d9f039df03
commit
f73746d846
|
@ -1,24 +1,24 @@
|
||||||
# Fail2Ban filter for Anti-Spam SMTP Proxy Server also known as ASSP
|
# Fail2Ban filter for Anti-Spam SMTP Proxy Server (ASSP) Version 2.5.1 (or later)
|
||||||
#
|
#
|
||||||
# Honmepage: http://www.magicvillage.de/~Fritz_Borgstedt/assp/0003D91C-8000001C/
|
# Homepage: http://sourceforge.net/projects/assp/
|
||||||
# ProjektSite: http://sourceforge.net/projects/assp/?source=directory
|
# ProjectSite: http://sourceforge.net/projects/assp/?source=directory
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
|
||||||
[Definition]
|
[Definition]
|
||||||
|
|
||||||
__assp_actions = (?:dropping|refusing)
|
failregex = <HOST> \<\S+@\S+\.\S+\> to: \S+@\S+\.\S+ relay attempt blocked for: \S+$
|
||||||
|
<HOST> \[SMTP Error\] 535 5\.7\.8 Error: authentication failed.*$
|
||||||
failregex = ^(:? \[SSL-out\])? <HOST> max sender authentication errors \(\d{,3}\) exceeded -- %(__assp_actions)s connection - after reply: \d{3} \d{1}\.\d{1}.\d{1} Error: authentication failed: \w+;$
|
|
||||||
^(?: \[SSL-out\])? <HOST> SSL negotiation with client failed: SSL accept attempt failed with unknown error.*:unknown protocol;$
|
|
||||||
^ Blocking <HOST> - too much AUTH errors \(\d{,3}\);$
|
|
||||||
|
|
||||||
ignoreregex =
|
ignoreregex =
|
||||||
|
|
||||||
# DEV Notes:
|
# DEV Notes:
|
||||||
#
|
#
|
||||||
# Examples: Apr-27-13 02:33:09 Blocking 217.194.197.97 - too much AUTH errors (41);
|
# Examples:
|
||||||
# Dec-29-12 17:10:31 [SSL-out] 200.247.87.82 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
|
# Jul-29-16 16:49:52 m1-25391-06124 [Worker_1] [TLS-out] [RelayAttempt] 0.0.0.0 <user@example.com> to: user@example.org relay attempt blocked for: someone@example.org
|
||||||
# Dec-30-12 04:01:47 [SSL-out] 81.82.232.66 max sender authentication errors (5) exceeded
|
# Jul-30-16 16:59:42 [Worker_1] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
|
||||||
|
# Jul-30-16 00:15:36 m1-52131-09651 [Worker_1] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
|
||||||
|
# Jul-31-16 06:45:59 [Worker_1] [TLS-in] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed:
|
||||||
#
|
#
|
||||||
# Author: Enrico Labedzki (enrico.labedzki@deiwos.de)
|
# Author: Enrico Labedzki (enrico.labedzki@deiwos.de)
|
||||||
|
# Updated: Robert Hardy (rhardy@webcon.ca)
|
||||||
|
|
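Review bot: Both new `failregex` lines start directly at `<HOST>` with no `^` anchor, whereas the three patterns they replace were all anchored. The relay-attempt pattern then matches sender and recipient addresses with `\S+@\S+\.\S+`, which are values chosen by the remote client, so an unanchored search does not tie the banned address to the position where ASSP itself writes the peer IP. I would pin the start to the log prefix shown in the examples (optional session id, then one or more bracketed tags), for instance `^\s*(?:\S+\s+)?(?:\[[^\]]+\]\s+)+<HOST> \[SMTP Error\] 535 5\.7\.8 Error: authentication failed\b`, and do the same for the relay line; this is a sketch to check with `fail2ban-regex` against real V2 logs. The commit also drops the "max sender authentication errors", "SSL negotiation with client failed" and "too much AUTH errors" patterns, and the page does not show whether ASSP V2 has stopped emitting those lines, so that is worth confirming before they are removed.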
|
@ -1,25 +1,8 @@
|
||||||
# failJSON: { "time": "2013-04-07T07:08:36", "match": true , "host": "68.171.223.68" }
|
# failJSON: { "time": "2016-07-29T16:49:52", "match": true , "host": "0.0.0.0" }
|
||||||
Apr-07-13 07:08:36 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
|
Jul-29-16 16:49:52 m1-25391-06124 [Worker_1] [TLS-out] [RelayAttempt] 0.0.0.0 <user@example.com> to: user@example.org relay attempt blocked for: someone@example.org
|
||||||
# failJSON: { "time": "2013-04-07T07:08:36", "match": true , "host": "68.171.223.68" }
|
# failJSON: { "time": "2016-07-30T17:07:25", "match": true , "host": "0.0.0.0" }
|
||||||
Apr-07-13 07:08:36 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
|
Jul-30-16 17:07:25 [Worker_1] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
|
||||||
# failJSON: { "time": "2013-04-07T07:10:37", "match": true , "host": "68.171.223.68" }
|
# failJSON: { "time": "2016-07-30T17:11:05", "match": true , "host": "0.0.0.0" }
|
||||||
Apr-07-13 07:10:37 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
|
Jul-30-16 17:11:05 m1-13060-05386 [Worker_1] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
|
||||||
# failJSON: { "time": "2013-04-07T07:12:37", "match": true , "host": "68.171.223.68" }
|
# failJSON: { "time": "2016-07-31T06:45:59", "match": true , "host": "0.0.0.0" }
|
||||||
Apr-07-13 07:12:37 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
|
Jul-31-16 06:45:59 [Worker_1] [TLS-in] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed:
|
||||||
# failJSON: { "time": "2013-04-07T07:14:36", "match": true , "host": "68.171.223.68" }
|
|
||||||
Apr-07-13 07:14:36 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
|
|
||||||
# failJSON: { "time": "2013-04-27T02:25:09", "match": true , "host": "217.194.197.97" }
|
|
||||||
Apr-27-13 02:25:09 Blocking 217.194.197.97 - too much AUTH errors (8);
|
|
||||||
# failJSON: { "time": "2013-04-27T02:25:09", "match": true , "host": "217.194.197.97" }
|
|
||||||
Apr-27-13 02:25:09 Blocking 217.194.197.97 - too much AUTH errors (9);
|
|
||||||
# failJSON: { "time": "2013-04-27T02:25:09", "match": true , "host": "217.194.197.97" }
|
|
||||||
Apr-27-13 02:25:09 Blocking 217.194.197.97 - too much AUTH errors (10);
|
|
||||||
# failJSON: { "time": "2013-04-27T02:25:10", "match": true , "host": "217.194.197.97" }
|
|
||||||
Apr-27-13 02:25:10 [SSL-out] 217.194.197.97 max sender authentication errors (5) exceeded -- dropping connection - after reply: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6;
|
|
||||||
# failJSON: { "time": "2013-04-27T02:25:10", "match": true , "host": "217.194.197.97" }
|
|
||||||
Apr-27-13 02:25:10 [SSL-out] 217.194.197.97 max sender authentication errors (5) exceeded -- dropping connection - after reply: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6;
|
|
||||||
# failJSON: { "time": "2013-04-27T02:25:10", "match": true , "host": "217.194.197.97" }
|
|
||||||
Apr-27-13 02:25:10 [SSL-out] 217.194.197.97 max sender authentication errors (5) exceeded -- dropping connection - after reply: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6;
|
|
||||||
# failJSON: { "time": "2013-04-27T02:25:11", "match": true , "host": "217.194.197.97" }
|
|
||||||
Apr-27-13 02:25:11 [SSL-out] 217.194.197.97 max sender authentication errors (5) exceeded -- dropping connection - after reply: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6;
|
|
||||||
|
|
||||||
|
|
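Review bot: The four replacement samples are all `"match": true` and all use `0.0.0.0` as the host, so the tests neither exercise real host extraction nor show that a line without a failure is left alone. I would use a documentation-range address such as `192.0.2.1` (constructed example) in the samples. I would also add at least one line marked `# failJSON: { "match": false }`, for example an ordinary accepted-delivery log line, so a regex that is too loose fails the suite. With only the 535 and relay cases covered, the removed V1 samples also leave the old patterns' behaviour untested if any of them turn out to be still needed.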