mirror of https://github.com/fail2ban/fail2ban
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 lines
1.1 KiB
33 lines
1.1 KiB
# Fail2Ban filter for unsuccesful solid-pop3 authentication attempts
|
|
#
|
|
# Doesn't currently provide PAM support as PAM log messages don't include rhost as
|
|
# remote IP.
|
|
#
|
|
[INCLUDES]
|
|
|
|
before = common.conf
|
|
|
|
[Definition]
|
|
|
|
_daemon = solid-pop3d
|
|
|
|
failregex = ^%(__prefix_line)sauthentication failed: (no such user|can't map user name): .*? - <HOST>$
|
|
^%(__prefix_line)s(APOP )?authentication failed for (mapped )?user .*? - <HOST>$
|
|
^%(__prefix_line)sroot login not allowed - <HOST>$
|
|
^%(__prefix_line)scan't find APOP secret for user .*? - <HOST>$
|
|
|
|
ignoreregex =
|
|
|
|
# DEV Notes:
|
|
#
|
|
# solid-pop3d needs to be compiled with --enable-logextend to support
|
|
# IP addresses in log messages.
|
|
#
|
|
# solid-pop3d-0.15/src/main.c contains all authentication errors
|
|
# except for PAM authentication messages ( src/authenticate.c )
|
|
#
|
|
# A pam authentication failure message (note no IP for rhost).
|
|
# Nov 17 23:17:50 emf1pt2-2-35-70 solid-pop3d[17176]: pam_unix(solid-pop3d:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jacques
|
|
#
|
|
# Authors: Daniel Black
|