configuration-templates – Blame information for rev 92
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
92 | office | 1 | # Fail2Ban filter Dovecot authentication and pop3/imap server |
2 | # |
||
3 | |||
4 | [INCLUDES] |
||
5 | |||
6 | before = common.conf |
||
7 | |||
8 | [Definition] |
||
9 | |||
10 | _daemon = (auth|dovecot(-auth)?|auth-worker) |
||
11 | |||
12 | failregex = ^%(__prefix_line)s(?:%(__pam_auth)s(?:\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(?:\s+user=\S*)?\s*$ |
||
13 | ^%(__prefix_line)s(?:pop3|imap)-login: (?:Info: )?(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<[^>]+>,)?( method=\S+,)? rip=<HOST>(?:, lip=\S+)?(?:, TLS(?: handshaking(?:: SSL_accept\(\) failed: error:[\dA-F]+:SSL routines:[TLS\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\S+>)?\s*$ |
||
14 | ^%(__prefix_line)s(?:Info|dovecot: auth\(default\)|auth-worker\(\d+\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$ |
||
15 | ^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): (?:pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$ |
||
16 | ^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): Info: ldap\(\S*,<HOST>,\S*\): invalid credentials\s*$ |
||
17 | |||
18 | ignoreregex = |
||
19 | |||
20 | [Init] |
||
21 | |||
22 | journalmatch = _SYSTEMD_UNIT=dovecot.service |
||
23 | |||
24 | # DEV Notes: |
||
25 | # * the first regex is essentially a copy of pam-generic.conf |
||
26 | # * Probably doesn't do dovecot sql/ldap backends properly (resolved in edit 21/03/2016) |
||
27 | # * Removed the 'no auth attempts' log lines from the matches because produces |
||
28 | # lots of false positives on misconfigured MTAs making regexp unusable |
||
29 | # |
||
30 | # Author: Martin Waschbuesch |
||
31 | # Daniel Black (rewrote with begin and end anchors) |
||
32 | # Martin O'Neal (added LDAP authentication failure regex) |
||
33 | # Sergey G. Brester aka sebres (reviewed, optimized, IPv6-compatibility) |
||
34 | # Author: Wizardry and Steamworks |