On 28/01/2022 at 08:16, Daan Willems wrote:
Package: fail2ban
Version: 0.11.2-2
Severity: normal
Tags: patch

Dear Maintainer,

* What led up to the situation?

fail2ban didn't find/ban failed logins in the configured courier-auth jail.

* What exactly did you do (or not do) that was effective (or ineffective)?

Failed courier-imapd logins are logged in /var/log/mail.log as:
Jan 27 09:00:00 servername imapd: LOGIN FAILED, user=xxxxxxx, ip=[::ffff:xxx.xxx.xxx.xxx], port=[xxxxx]

The current courier-auth failregex fails to match this because there is a port 
mentioned after the ip section.
An update to the failregex is needed to reflect this.

failregex = ^%(__prefix_line)sLOGIN FAILED, (?:user|method)=.*, ip=\[<HOST>\]$
failregex = ^%(__prefix_line)sLOGIN FAILED, (?:user|method)=.*, ip=\[<HOST>\].*$

* What was the outcome of this action?

Fail2ban matches failed courier-imapd(-ssl) logins again as expected.

Could you please propose a PR upstream?
https://github.com/fail2ban/fail2ban/

Thanks,
Sylvestre
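
A check of the two failregex lines from the report against courier log lines, added here as an example (it is not code from the report or from fail2ban). `PREFIX` and `HOST` are simplified stand-ins for fail2ban's `%(__prefix_line)s` and `<HOST>`, the sample lines are constructed, and the `strict` pattern is a hypothetical tighter variant that allows only an optional port field instead of `.*`.

```python
import re

# Simplified stand-ins (assumptions) for fail2ban's %(__prefix_line)s and <HOST>;
# the real expansions are more general than these.
PREFIX = r"\w{3} +\d+ [\d:]{8} \S+ \S+: "
HOST = r"(?:::ffff:)?(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

TEMPLATES = {
    # The two failregex lines from the report, in the order given there.
    "old": r"^%(__prefix_line)sLOGIN FAILED, (?:user|method)=.*, ip=\[<HOST>\]$",
    "new": r"^%(__prefix_line)sLOGIN FAILED, (?:user|method)=.*, ip=\[<HOST>\].*$",
    # Hypothetical variant: stay anchored, accept only an optional port field.
    "strict": r"^%(__prefix_line)sLOGIN FAILED, (?:user|method)=.*,"
              r" ip=\[<HOST>\](?:, port=\[\d+\])?$",
}

def compile_failregex(template):
    """Expand the two placeholders and compile the pattern."""
    expanded = template.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST)
    return re.compile(expanded)

def banned_host(name, line):
    """Return the address the named pattern would extract, or None."""
    m = compile_failregex(TEMPLATES[name]).search(line)
    return m.group("host") if m else None

# Constructed sample lines (documentation address range).
WITH_PORT = ("Jan 27 09:00:00 servername imapd: LOGIN FAILED, user=alice, "
             "ip=[::ffff:192.0.2.10], port=[51234]")
NO_PORT = ("Jan 27 09:00:00 servername imapd: LOGIN FAILED, user=alice, "
           "ip=[::ffff:192.0.2.10]")
SUCCESS = ("Jan 27 09:00:05 servername imapd: LOGIN, user=alice, "
           "ip=[::ffff:192.0.2.10], port=[51234], protocol=IMAP")

def report():
    """Map each sample line to the result of every pattern."""
    samples = {"with_port": WITH_PORT, "no_port": NO_PORT, "success": SUCCESS}
    return {label: {name: banned_host(name, line) for name in TEMPLATES}
            for label, line in samples.items()}

if __name__ == "__main__":
    for label, row in report().items():
        print(f"{label:10s} {row}")
```

The same comparison can be made against a real log with `fail2ban-regex /var/log/mail.log <filter file>`, which uses fail2ban's own expansions rather than the stand-ins above.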
