mirror of https://github.com/fail2ban/fail2ban
aa158ac05f
When reporting the error `AUTH command used when not advertised`, Exim starts with `SMTP protocol error in "........."`. Here, Exim logs the SMTP command as it was provided by the connecting client. https://github.com/Exim/exim/blob/exim-4_89+fixes/src/src/smtp_in.c#L2850 According to RFC 5321 (SMTP) "[..] a command verb [..] MAY be encoded in upper case, lower case, or any mixture of upper and lower case with no impact on its meaning." https://tools.ietf.org/html/rfc5321#section-2.4 Lower case `auth login` brute-force attempts were seen in the wild and were not caught by the current failregex. This commit makes the failregex case-insensitive for the `AUTH` command, so that lower case (`auth`) or mixed case (`aUtH`) now also match. The failregex was already case-insensitive for the command arguments (e.g. `AUTH login` already matched). |
||
|---|---|---|
| .. | ||
| action.d | ||
| filter.d | ||
| fail2ban.conf | ||
| jail.conf | ||
| paths-common.conf | ||
| paths-debian.conf | ||
| paths-fedora.conf | ||
| paths-freebsd.conf | ||
| paths-opensuse.conf | ||
| paths-osx.conf | ||