diff syslog2iptables.conf.top @ 75:ae5e6bcc5017

sendmail auth failure detection for both login and plain methods
author Carl Byington <carl@five-ten-sg.com>
date Mon, 24 Dec 2018 08:31:27 -0800
parents 0e736950a117
children cc01f2caff37
line wrap: on
line diff
--- a/syslog2iptables.conf.top	Thu Feb 09 15:12:13 2017 -0800
+++ b/syslog2iptables.conf.top	Mon Dec 24 08:31:27 2018 -0800
@@ -85,7 +85,7 @@
         #    bucket 0;   // disable - iphone setup trips this; bucket 1800;
         #    message "sendmail pre-greeting";
         #};
-        pattern "authentication failure: checkpass failed, .*\[(.*)\]" {
+        pattern "authentication failure: .* failed, .*\[(.*)\]" {
             index 1;    // zero based
             bucket 100;
             message "sendmail authentication failed";
@@ -95,7 +95,7 @@
             bucket 100;
             message "dovecot failed password";
         };
-        pattern "dovecot.*Disconnected: Inactivity .auth failed.* rip=(.*), lip=" {
+        pattern "dovecot.*Disconnected.*auth failed.* rip=(.*), lip=" {
             index 1;    // zero based
             bucket 100;
             message "dovecot failed password";