On Mon, 6 Jul 2020, Antonio Leding wrote:
Date: Mon, 6 Jul 2020 04:38:14
From: Antonio Leding <[email protected]>
To: [email protected]
Subject: [Fail2ban-users] Parsing "Invalid authentication mechanism" in
postfix
I have a Postfix + fail2ban configured to ban when it encounters SASL auth
errors. While most SALS errors do result in a ban, the following does not:
"SASL LOGIN authentication failed: Invalid authentication mechanism”
...
mdre-auth = ^[^[]*\[<HOST>\]%(_port)s: SASL
((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:(?! Connection
lost to authentication server| Invalid authentication mechanism)
...
Hello Antonio,
I cannot test my thinking, but I see "-MD5" in the regular expression, but not in the
sample that you gave - hence the expression would match "LOGIN-MD5" but not "LOGIN auth
...".
I hope this helps you,
--
Graham
Experience is something you don't get until just after you need it.
<a href="http://english-1329209197.spampoison.com";>Get free spam bait here.</a>
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
