17th May 2011, 17:04
eko_taas
Question sasl conf

Quote:
Please check if the regex in /etc/fail2ban/filter.d/sasl.conf is correct.
For a newbie, everything looks correct.

/etc/fail2ban/filter.d/sasl.conf and etc. files (collection)
Code:
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
failregex = pop3d: LOGIN FAILED.*ip=\[.*:<HOST>\]
failregex = pop3d-ssl: LOGIN FAILED.*ip=\[.*:<HOST>\]
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
failregex = imapd-ssl: LOGIN FAILED.*ip=\[.*:<HOST>\]
/etc/fail2ban/filter.d/sasl.conf has:
Code:
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGE$
ignoreregex =
But /etc/fail2ban/filter.d/sasl.conf was not modified at all (http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-courier-ispconfig-3-p5 see item 17. Fail2ban).

How should the line look? Something like
failregex = sasl: LOGIN FAILED.*ip=\[.*:<HOST>\]
Better also to add/correct this in the instructions (if missing) for the rest of us?

Last edited by till; 17th May 2011 at 18:00.
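Added example, not part of the original post: a small Python check that runs the failregex lines quoted above against two constructed log lines, one in Courier's `LOGIN FAILED ... ip=[...]` format and one in Postfix's `warning: ...: SASL LOGIN authentication failed` format. The `<HOST>` expansion is an assumed stand-in for fail2ban's own, and the shipped sasl.conf pattern is used only up to `SASL ` because the rest of that line is cut off in the post.

```python
import re

# Assumption: stand-in for fail2ban's <HOST> tag (optional IPv4-mapped
# prefix followed by a named group capturing the address or hostname).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# Patterns taken from the post.
FILTERS = {
    "courier pop3d": r"pop3d: LOGIN FAILED.*ip=\[.*:<HOST>\]",
    "proposed sasl": r"sasl: LOGIN FAILED.*ip=\[.*:<HOST>\]",
    # Visible part of the shipped sasl.conf line only; the remainder is
    # truncated in the post, so nothing after "SASL " is checked here.
    "shipped sasl (prefix)": r"(?i): warning: [-._\w]+\[<HOST>\]: SASL ",
}

# Constructed sample log lines (documentation address 203.0.113.7).
LOG_LINES = {
    "courier": "May 17 16:58:01 server1 pop3d: LOGIN FAILED, "
               "user=info@example.com, ip=[::ffff:203.0.113.7]",
    "postfix": "May 17 16:59:12 server1 postfix/smtpd[2214]: warning: "
               "unknown[203.0.113.7]: SASL LOGIN authentication failed: "
               "authentication failure",
}


def match_host(failregex, line):
    """Return the host a failregex captures from line, or None if no match."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None


def report():
    """Map (filter name, log name) to the captured host or None."""
    return {
        (fname, lname): match_host(rx, line)
        for fname, rx in FILTERS.items()
        for lname, line in LOG_LINES.items()
    }


if __name__ == "__main__":
    for (fname, lname), host in report().items():
        print(f"{fname:24} vs {lname:8} -> {host}")
```

On a live system, `fail2ban-regex <logfile> <filter file>` runs the same kind of check with fail2ban's own engine against the real mail log.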