Dear list,
Check out this regex for postfix-sasl:
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
My jail was set up to ban after only 1 maxretry:
[postfix-sasl]
enabled = true
port = all
filter = postfix-sasl
logpath = /var/log/mail.warn
maxretry = 1
findtime = 600
A particular IP had 80 failures without getting banned. The only reason I see
is because the log lines look like this:
Jun 19 16:52:35 messagerie-prep postfix/smtpd[8951]: warning: 95.red-2-139-252.staticip.rima-tde.net[2.139.252.95]: SASL Login authentication failed: UGFzc3dvcmQ6
Notice that login is written Login instead of LOGIN like in the filter.
What do you suggest?
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
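
Added example, not part of the original post and not fail2ban's own code: the quoted filter run over the quoted log line, next to a variant whose SASL mechanism group is made case-insensitive with a scoped `(?i:...)` flag. `PREFIX`, `HOST` and `TIMESTAMP` are simplified stand-ins (assumptions) for what fail2ban substitutes and strips, and the second and third sample lines are constructed.

```python
import re

# Simplified stand-ins (assumptions) for what fail2ban substitutes into a failregex.
PREFIX = r"\S+ postfix/smtpd\[\d+\]: "        # for %(__prefix_line)s
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"   # for <HOST>, IPv4 only
# fail2ban removes the timestamp before matching; emulate that for syslog dates.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

# The filter exactly as quoted in the post.
POSTED = (r"^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL "
          r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
          r"(: [ A-Za-z0-9+/]*={0,2})?\s*$")
# Same filter, only the mechanism group made case-insensitive (scoped flag).
RELAXED = POSTED.replace("(?:LOGIN|", "(?i:LOGIN|")

def compile_filter(failregex):
    """Expand the two fail2ban placeholders and compile the result."""
    expanded = failregex.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST)
    return re.compile(expanded)

def failures(failregex, lines):
    """Return the host of every line the filter would count as a failure."""
    rx = compile_filter(failregex)
    hits = []
    for line in lines:
        match = rx.search(TIMESTAMP.sub("", line))
        if match:
            hits.append(match.group("host"))
    return hits

SAMPLE = [
    # From the post: mechanism logged as "Login".
    "Jun 19 16:52:35 messagerie-prep postfix/smtpd[8951]: warning: "
    "95.red-2-139-252.staticip.rima-tde.net[2.139.252.95]: "
    "SASL Login authentication failed: UGFzc3dvcmQ6",
    # Constructed: upper-case mechanism, documentation address.
    "Jun 19 16:53:01 messagerie-prep postfix/smtpd[8951]: warning: "
    "unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    # Constructed: not a failure line, must match neither filter.
    "Jun 19 16:53:05 messagerie-prep postfix/smtpd[8951]: warning: "
    "unknown[192.0.2.11]: SASL login authentication aborted",
]

if __name__ == "__main__":
    print("posted :", failures(POSTED, SAMPLE))
    print("relaxed:", failures(RELAXED, SAMPLE))
```

The same check can be run against the real filter and log with `fail2ban-regex /var/log/mail.warn /etc/fail2ban/filter.d/postfix-sasl.conf`, which reports how many lines the failregex matched.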