Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 9th February 2011, 20:43
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: MŁnchen
Posts: 364
Thanks: 38
Thanked 90 Times in 68 Posts
Default Fail2ban + sasl problem and Solution

Today I got a brute force attack. Login failures are not detected by fail2ban. (I'm using Ubuntu server 10.04.2 LTS )

Here is my sasl section in fail2ban

Code:
[sasl]
enabled = true
port = smtp
filter = sasl
logpath = /var/log/mail.log
maxretry = 5
here my /etc/fail2ban/filter.d/sasl.conf

Code:
# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
/var/log/mail.log

Code:
Feb  9 14:28:33 server postfix/smtpd[4858]: connect from unknown[196.214.48.249]
Feb  9 14:28:38 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:28:38 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:28:41 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:28:41 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:28:52 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:28:52 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:28:56 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:28:56 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:28:58 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:28:58 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:02 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:29:02 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:05 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:29:05 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:08 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:29:08 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:14 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:29:14 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:18 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:29:18 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:25 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:29:25 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:32 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:29:32 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:40 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:29:40 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:48 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
Feb  9 14:29:48 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
Feb  9 14:29:56 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
.
.
.
Testing config with fail2ban-regex

Code:
root@server /var/log # fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf 

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/sasl.conf
Use log file   : /var/log/mail.log


Results
=======

Failregex
|- Regular expressions:
|  [1] (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
|
`- Number of matches:
   [1] 0 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Sorry, no match

Look at the above section 'Running tests' which could contain important
information.
Then I did a simple change in /etc/fail2ban/filter.d/sasl.conf:

This file contain
Code:
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
I change this line for
Code:
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w
...then restart fail2ban:

Code:
/etc/init.d/fail2ban restart
...and test the new config

Code:
root@server /var/log # fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf 

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/sasl.conf
Use log file   : /var/log/mail.log


Results
=======

Failregex
|- Regular expressions:
|  [1] (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w
|
`- Number of matches:
   [1] 286 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]
    196.214.48.249 (Wed Feb 09 14:28:38 2011)
    196.214.48.249 (Wed Feb 09 14:28:41 2011)
    196.214.48.249 (Wed Feb 09 14:28:52 2011)
    196.214.48.249 (Wed Feb 09 14:28:56 2011)
    196.214.48.249 (Wed Feb 09 14:28:58 2011)
    196.214.48.249 (Wed Feb 09 14:29:02 2011)
    196.214.48.249 (Wed Feb 09 14:29:05 2011)
    196.214.48.249 (Wed Feb 09 14:29:08 2011)
    196.214.48.249 (Wed Feb 09 14:29:14 2011)
    196.214.48.249 (Wed Feb 09 14:29:18 2011)
    196.214.48.249 (Wed Feb 09 14:29:25 2011)
    196.214.48.249 (Wed Feb 09 14:29:32 2011)
    196.214.48.249 (Wed Feb 09 14:29:40 2011)
    196.214.48.249 (Wed Feb 09 14:29:48 2011)
    196.214.48.249 (Wed Feb 09 14:29:56 2011)
    196.214.48.249 (Wed Feb 09 14:30:10 2011)
    196.214.48.249 (Wed Feb 09 14:30:16 2011)
    196.214.48.249 (Wed Feb 09 14:30:25 2011)
    196.214.48.249 (Wed Feb 09 14:30:50 2011)
    196.214.48.249 (Wed Feb 09 14:30:56 2011)
    196.214.48.249 (Wed Feb 09 14:31:03 2011)
    196.214.48.249 (Wed Feb 09 14:31:06 2011)
    196.214.48.249 (Wed Feb 09 14:31:17 2011)
    196.214.48.249 (Wed Feb 09 14:31:26 2011)
    196.214.48.249 (Wed Feb 09 14:31:36 2011)
    196.214.48.249 (Wed Feb 09 14:31:39 2011)
    196.214.48.249 (Wed Feb 09 14:31:42 2011)
    196.214.48.249 (Wed Feb 09 14:31:47 2011)
    196.214.48.249 (Wed Feb 09 14:31:52 2011)
    196.214.48.249 (Wed Feb 09 14:31:57 2011)
    196.214.48.249 (Wed Feb 09 14:32:04 2011)
    196.214.48.249 (Wed Feb 09 14:32:11 2011)
    196.214.48.249 (Wed Feb 09 14:32:27 2011)
    196.214.48.249 (Wed Feb 09 14:32:34 2011)
    196.214.48.249 (Wed Feb 09 14:32:42 2011)
    196.214.48.249 (Wed Feb 09 14:32:50 2011)
    196.214.48.249 (Wed Feb 09 14:33:00 2011)
    196.214.48.249 (Wed Feb 09 14:33:11 2011)
    196.214.48.249 (Wed Feb 09 14:33:18 2011)
    196.214.48.249 (Wed Feb 09 14:33:26 2011)
    196.214.48.249 (Wed Feb 09 14:33:36 2011)
    196.214.48.249 (Wed Feb 09 14:33:39 2011)
    196.214.48.249 (Wed Feb 09 14:33:42 2011)
    196.214.48.249 (Wed Feb 09 14:33:46 2011)
    196.214.48.249 (Wed Feb 09 14:33:51 2011)
    196.214.48.249 (Wed Feb 09 14:33:54 2011)
    196.214.48.249 (Wed Feb 09 14:33:58 2011)
    196.214.48.249 (Wed Feb 09 14:34:02 2011)
    196.214.48.249 (Wed Feb 09 14:34:05 2011)
    196.214.48.249 (Wed Feb 09 14:34:09 2011)
    196.214.48.249 (Wed Feb 09 14:34:15 2011)
    196.214.48.249 (Wed Feb 09 14:34:22 2011)
    196.214.48.249 (Wed Feb 09 14:34:33 2011)
    196.214.48.249 (Wed Feb 09 14:34:41 2011)
    196.214.48.249 (Wed Feb 09 14:34:49 2011)
    196.214.48.249 (Wed Feb 09 14:34:59 2011)
    196.214.48.249 (Wed Feb 09 14:35:06 2011)
    196.214.48.249 (Wed Feb 09 14:35:18 2011)
    196.214.48.249 (Wed Feb 09 14:35:25 2011)
    196.214.48.249 (Wed Feb 09 14:35:32 2011)
    196.214.48.249 (Wed Feb 09 14:35:47 2011)
    196.214.48.249 (Wed Feb 09 14:35:58 2011)
    196.214.48.249 (Wed Feb 09 14:36:26 2011)
    196.214.48.249 (Wed Feb 09 14:36:51 2011)
    196.214.48.249 (Wed Feb 09 14:36:54 2011)
    196.214.48.249 (Wed Feb 09 14:36:57 2011)
    196.214.48.249 (Wed Feb 09 14:37:03 2011)
    196.214.48.249 (Wed Feb 09 14:37:10 2011)
    196.214.48.249 (Wed Feb 09 14:37:14 2011)
    196.214.48.249 (Wed Feb 09 14:37:18 2011)
    196.214.48.249 (Wed Feb 09 14:37:26 2011)
    196.214.48.249 (Wed Feb 09 14:37:35 2011)
    196.214.48.249 (Wed Feb 09 14:37:42 2011)
    196.214.48.249 (Wed Feb 09 14:37:50 2011)
    196.214.48.249 (Wed Feb 09 14:38:00 2011)
    196.214.48.249 (Wed Feb 09 14:38:09 2011)
    196.214.48.249 (Wed Feb 09 14:38:15 2011)
    196.214.48.249 (Wed Feb 09 14:38:29 2011)
    196.214.48.249 (Wed Feb 09 14:38:37 2011)
    196.214.48.249 (Wed Feb 09 14:38:46 2011)
    196.214.48.249 (Wed Feb 09 14:38:55 2011)
    196.214.48.249 (Wed Feb 09 14:38:59 2011)
    196.214.48.249 (Wed Feb 09 14:39:08 2011)
    196.214.48.249 (Wed Feb 09 14:39:14 2011)
    196.214.48.249 (Wed Feb 09 14:39:18 2011)
    196.214.48.249 (Wed Feb 09 14:39:21 2011)
    196.214.48.249 (Wed Feb 09 14:39:24 2011)
    196.214.48.249 (Wed Feb 09 14:39:26 2011)
    196.214.48.249 (Wed Feb 09 14:39:29 2011)
    196.214.48.249 (Wed Feb 09 14:39:36 2011)
    196.214.48.249 (Wed Feb 09 14:39:42 2011)
    196.214.48.249 (Wed Feb 09 14:39:51 2011)
    196.214.48.249 (Wed Feb 09 14:39:58 2011)
    196.214.48.249 (Wed Feb 09 14:40:05 2011)
    196.214.48.249 (Wed Feb 09 14:40:13 2011)
    196.214.48.249 (Wed Feb 09 14:40:21 2011)
    196.214.48.249 (Wed Feb 09 14:40:29 2011)
    196.214.48.249 (Wed Feb 09 14:40:36 2011)
    196.214.48.249 (Wed Feb 09 14:40:44 2011)
    196.214.48.249 (Wed Feb 09 14:40:54 2011)
    196.214.48.249 (Wed Feb 09 14:41:04 2011)
    196.214.48.249 (Wed Feb 09 14:41:07 2011)
    196.214.48.249 (Wed Feb 09 14:41:10 2011)
    196.214.48.249 (Wed Feb 09 14:41:13 2011)
    196.214.48.249 (Wed Feb 09 14:41:18 2011)
    196.214.48.249 (Wed Feb 09 14:41:24 2011)
    196.214.48.249 (Wed Feb 09 14:41:28 2011)
    196.214.48.249 (Wed Feb 09 14:41:32 2011)
    196.214.48.249 (Wed Feb 09 14:41:38 2011)
    196.214.48.249 (Wed Feb 09 14:41:49 2011)
    196.214.48.249 (Wed Feb 09 14:42:04 2011)
    196.214.48.249 (Wed Feb 09 14:42:15 2011)
    196.214.48.249 (Wed Feb 09 14:42:22 2011)
    196.214.48.249 (Wed Feb 09 14:42:30 2011)
    196.214.48.249 (Wed Feb 09 14:42:38 2011)
    196.214.48.249 (Wed Feb 09 14:42:47 2011)
    196.214.48.249 (Wed Feb 09 14:42:55 2011)
    196.214.48.249 (Wed Feb 09 14:43:02 2011)
    196.214.48.249 (Wed Feb 09 14:43:09 2011)
    196.214.48.249 (Wed Feb 09 14:43:16 2011)
    196.214.48.249 (Wed Feb 09 14:43:24 2011)
    196.214.48.249 (Wed Feb 09 14:43:28 2011)
    196.214.48.249 (Wed Feb 09 14:43:33 2011)
    196.214.48.249 (Wed Feb 09 14:43:39 2011)
    196.214.48.249 (Wed Feb 09 14:43:42 2011)
    196.214.48.249 (Wed Feb 09 14:43:45 2011)
    196.214.48.249 (Wed Feb 09 14:43:48 2011)
    196.214.48.249 (Wed Feb 09 14:43:51 2011)
    196.214.48.249 (Wed Feb 09 14:43:56 2011)
    196.214.48.249 (Wed Feb 09 14:44:01 2011)
    196.214.48.249 (Wed Feb 09 14:44:12 2011)
    196.214.48.249 (Wed Feb 09 14:44:18 2011)
    196.214.48.249 (Wed Feb 09 14:44:26 2011)
    196.214.48.249 (Wed Feb 09 14:44:35 2011)
    196.214.48.249 (Wed Feb 09 14:44:42 2011)
    196.214.48.249 (Wed Feb 09 14:44:51 2011)
    196.214.48.249 (Wed Feb 09 14:44:57 2011)
    196.214.48.249 (Wed Feb 09 14:45:05 2011)
    196.214.48.249 (Wed Feb 09 14:45:14 2011)
    196.214.48.249 (Wed Feb 09 14:45:23 2011)
    196.214.48.249 (Wed Feb 09 14:45:32 2011)
    196.214.48.249 (Wed Feb 09 14:45:37 2011)
    196.214.48.249 (Wed Feb 09 14:45:42 2011)
    196.214.48.249 (Wed Feb 09 14:45:45 2011)
    196.214.48.249 (Wed Feb 09 14:45:48 2011)
    196.214.48.249 (Wed Feb 09 14:45:54 2011)
    196.214.48.249 (Wed Feb 09 14:46:01 2011)
    196.214.48.249 (Wed Feb 09 14:46:05 2011)
    196.214.48.249 (Wed Feb 09 14:46:09 2011)
    196.214.48.249 (Wed Feb 09 14:46:20 2011)
    196.214.48.249 (Wed Feb 09 14:46:26 2011)
    196.214.48.249 (Wed Feb 09 14:46:33 2011)
    196.214.48.249 (Wed Feb 09 14:46:41 2011)
    196.214.48.249 (Wed Feb 09 14:46:50 2011)
    196.214.48.249 (Wed Feb 09 14:46:58 2011)
    196.214.48.249 (Wed Feb 09 14:47:06 2011)
    196.214.48.249 (Wed Feb 09 14:47:16 2011)
    196.214.48.249 (Wed Feb 09 14:47:22 2011)
    196.214.48.249 (Wed Feb 09 14:47:30 2011)
    196.214.48.249 (Wed Feb 09 14:47:38 2011)
    196.214.48.249 (Wed Feb 09 14:47:44 2011)
    196.214.48.249 (Wed Feb 09 14:47:47 2011)
    196.214.48.249 (Wed Feb 09 14:47:51 2011)
    196.214.48.249 (Wed Feb 09 14:47:54 2011)
    196.214.48.249 (Wed Feb 09 14:47:58 2011)
    196.214.48.249 (Wed Feb 09 14:48:00 2011)
    196.214.48.249 (Wed Feb 09 14:48:03 2011)
    196.214.48.249 (Wed Feb 09 14:48:07 2011)
    196.214.48.249 (Wed Feb 09 14:48:10 2011)
    196.214.48.249 (Wed Feb 09 14:48:13 2011)
    196.214.48.249 (Wed Feb 09 14:48:20 2011)
    196.214.48.249 (Wed Feb 09 14:48:28 2011)
    196.214.48.249 (Wed Feb 09 14:48:34 2011)
    196.214.48.249 (Wed Feb 09 14:48:42 2011)
    196.214.48.249 (Wed Feb 09 14:48:50 2011)
    196.214.48.249 (Wed Feb 09 14:48:57 2011)
    196.214.48.249 (Wed Feb 09 14:49:04 2011)
    196.214.48.249 (Wed Feb 09 14:49:11 2011)
    196.214.48.249 (Wed Feb 09 14:49:19 2011)
    196.214.48.249 (Wed Feb 09 14:49:26 2011)
    196.214.48.249 (Wed Feb 09 14:49:40 2011)
    196.214.48.249 (Wed Feb 09 14:50:25 2011)
    196.214.48.249 (Wed Feb 09 14:50:27 2011)
    196.214.48.249 (Wed Feb 09 14:50:32 2011)
    196.214.48.249 (Wed Feb 09 14:50:35 2011)
    196.214.48.249 (Wed Feb 09 14:50:40 2011)
    196.214.48.249 (Wed Feb 09 14:50:43 2011)
    196.214.48.249 (Wed Feb 09 14:50:49 2011)
    196.214.48.249 (Wed Feb 09 14:50:52 2011)
    196.214.48.249 (Wed Feb 09 14:50:55 2011)
    196.214.48.249 (Wed Feb 09 14:50:58 2011)
    196.214.48.249 (Wed Feb 09 14:51:01 2011)
    196.214.48.249 (Wed Feb 09 14:51:07 2011)
    196.214.48.249 (Wed Feb 09 14:51:14 2011)
    196.214.48.249 (Wed Feb 09 14:51:21 2011)
    196.214.48.249 (Wed Feb 09 14:51:29 2011)
    196.214.48.249 (Wed Feb 09 14:51:35 2011)
    196.214.48.249 (Wed Feb 09 14:51:43 2011)
    196.214.48.249 (Wed Feb 09 14:51:50 2011)
    196.214.48.249 (Wed Feb 09 14:51:57 2011)
    196.214.48.249 (Wed Feb 09 14:52:04 2011)
    196.214.48.249 (Wed Feb 09 14:52:12 2011)
    196.214.48.249 (Wed Feb 09 14:52:17 2011)
    196.214.48.249 (Wed Feb 09 14:52:22 2011)
    196.214.48.249 (Wed Feb 09 14:52:25 2011)
    196.214.48.249 (Wed Feb 09 14:52:29 2011)
    196.214.48.249 (Wed Feb 09 14:52:34 2011)
    196.214.48.249 (Wed Feb 09 14:52:37 2011)
    196.214.48.249 (Wed Feb 09 14:52:39 2011)
    196.214.48.249 (Wed Feb 09 14:52:43 2011)
    196.214.48.249 (Wed Feb 09 14:52:50 2011)
    196.214.48.249 (Wed Feb 09 14:52:53 2011)
    196.214.48.249 (Wed Feb 09 14:53:00 2011)
    196.214.48.249 (Wed Feb 09 14:53:08 2011)
    196.214.48.249 (Wed Feb 09 14:53:18 2011)
    196.214.48.249 (Wed Feb 09 14:53:25 2011)
    196.214.48.249 (Wed Feb 09 14:53:31 2011)
    196.214.48.249 (Wed Feb 09 14:53:38 2011)
    196.214.48.249 (Wed Feb 09 14:53:50 2011)
    196.214.48.249 (Wed Feb 09 14:53:58 2011)
    196.214.48.249 (Wed Feb 09 14:54:05 2011)
    196.214.48.249 (Wed Feb 09 14:54:15 2011)
    196.214.48.249 (Wed Feb 09 14:54:23 2011)
    196.214.48.249 (Wed Feb 09 14:54:26 2011)
    196.214.48.249 (Wed Feb 09 14:54:31 2011)
    196.214.48.249 (Wed Feb 09 14:54:39 2011)
    196.214.48.249 (Wed Feb 09 14:54:41 2011)
    196.214.48.249 (Wed Feb 09 14:54:45 2011)
    196.214.48.249 (Wed Feb 09 14:54:51 2011)
    196.214.48.249 (Wed Feb 09 14:54:58 2011)
    196.214.48.249 (Wed Feb 09 14:55:00 2011)
    196.214.48.249 (Wed Feb 09 14:55:03 2011)
    196.214.48.249 (Wed Feb 09 14:55:09 2011)
    196.214.48.249 (Wed Feb 09 14:55:16 2011)
    196.214.48.249 (Wed Feb 09 14:55:26 2011)
    196.214.48.249 (Wed Feb 09 14:55:34 2011)
    196.214.48.249 (Wed Feb 09 14:55:41 2011)
    196.214.48.249 (Wed Feb 09 14:55:50 2011)
    196.214.48.249 (Wed Feb 09 14:56:24 2011)
    196.214.48.249 (Wed Feb 09 14:58:33 2011)
    196.214.48.249 (Wed Feb 09 14:58:42 2011)
    196.214.48.249 (Wed Feb 09 14:59:56 2011)
    196.214.48.249 (Wed Feb 09 15:00:03 2011)
    196.214.48.249 (Wed Feb 09 15:00:51 2011)
    196.214.48.249 (Wed Feb 09 15:03:04 2011)
    196.214.48.249 (Wed Feb 09 15:05:06 2011)
    196.214.48.249 (Wed Feb 09 15:05:12 2011)
    196.214.48.249 (Wed Feb 09 15:05:26 2011)
    196.214.48.249 (Wed Feb 09 15:07:26 2011)
    196.214.48.249 (Wed Feb 09 15:08:34 2011)
    196.214.48.249 (Wed Feb 09 15:09:45 2011)
    196.214.48.249 (Wed Feb 09 15:10:11 2011)
    196.214.48.249 (Wed Feb 09 15:11:58 2011)
    196.214.48.249 (Wed Feb 09 15:14:04 2011)
    196.214.48.249 (Wed Feb 09 15:14:20 2011)
    196.214.48.249 (Wed Feb 09 15:15:05 2011)
    196.214.48.249 (Wed Feb 09 15:16:52 2011)
    196.214.48.249 (Wed Feb 09 15:18:39 2011)
    196.214.48.249 (Wed Feb 09 15:19:54 2011)
    196.214.48.249 (Wed Feb 09 15:20:02 2011)
    196.214.48.249 (Wed Feb 09 15:22:04 2011)
    196.214.48.249 (Wed Feb 09 15:22:19 2011)
    196.214.48.249 (Wed Feb 09 15:24:36 2011)
    196.214.48.249 (Wed Feb 09 15:24:42 2011)
    196.214.48.249 (Wed Feb 09 15:25:06 2011)
    196.214.48.249 (Wed Feb 09 15:27:13 2011)
    196.214.48.249 (Wed Feb 09 15:28:28 2011)
    196.214.48.249 (Wed Feb 09 15:28:36 2011)
    196.214.48.249 (Wed Feb 09 15:29:48 2011)
    196.214.48.249 (Wed Feb 09 15:30:17 2011)
    196.214.48.249 (Wed Feb 09 15:32:16 2011)
    196.214.48.249 (Wed Feb 09 15:34:33 2011)
    196.214.48.249 (Wed Feb 09 15:35:54 2011)
    196.214.48.249 (Wed Feb 09 15:35:57 2011)
    196.214.48.249 (Wed Feb 09 15:35:58 2011)
    196.214.48.249 (Wed Feb 09 15:36:00 2011)
    196.214.48.249 (Wed Feb 09 15:37:58 2011)
    196.214.48.249 (Wed Feb 09 15:38:38 2011)
    196.214.48.249 (Wed Feb 09 15:39:48 2011)
    196.214.48.249 (Wed Feb 09 15:39:57 2011)
    196.214.48.249 (Wed Feb 09 15:39:59 2011)
    196.214.48.249 (Wed Feb 09 15:40:03 2011)
    196.214.48.249 (Wed Feb 09 15:41:51 2011)
    196.214.48.249 (Wed Feb 09 15:44:15 2011)
    196.214.48.249 (Wed Feb 09 15:44:30 2011)
    196.214.48.249 (Wed Feb 09 15:45:23 2011)

Date template hits:
9412 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): YearMonthDay Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>

Success, the total number of match is 286

However, look at the above section 'Running tests' which could contain important
information.
Sucess!!
Reply With Quote
The Following 7 Users Say Thank You to pititis For This Useful Post:
Beornegar (22nd January 2014), cyrus1977 (9th February 2011), djsilas (29th May 2014), falko (10th February 2011), fordwrench (13th July 2011), go0ogl3 (4th March 2014), simplemind (23rd July 2014)
Sponsored Links
  #2  
Old 2nd March 2011, 07:02
Conisant Conisant is offline
Junior Member
 
Join Date: Mar 2011
Posts: 1
Thanks: 0
Thanked 4 Times in 1 Post
Default

You could tighten it up a little bit, because it is just a missing white-space

Code:
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/ ]*)?$

Greetings, Coni
Reply With Quote
The Following 4 Users Say Thank You to Conisant For This Useful Post:
cRUSH3r (22nd October 2013), dynamind (5th December 2012), fordwrench (13th July 2011), go0ogl3 (4th March 2014)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Email problem 'Cannot set my user or group id.' (using ISPConfig 3 + OpenSuSE 11.2) urosm Installation/Configuration 5 19th June 2010 22:41
Captcha System Solution for the SPAM problem vaio1 Installation/Configuration 9 27th May 2008 08:05
saslauthd problem: bind: Address already in use fitti70 Server Operation 4 14th May 2007 21:51
Postfix + SASL problem thim Installation/Configuration 3 4th February 2007 18:05
Postfix+MySQL Problem jasutton Installation/Configuration 1 15th June 2006 16:06


All times are GMT +2. The time now is 00:52.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.