Mercurial > syslog2iptables
diff syslog2iptables.conf.top @ 75:ae5e6bcc5017
sendmail auth failure detection for both login and plain methods
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Mon, 24 Dec 2018 08:31:27 -0800 |
| parents | 0e736950a117 |
| children | cc01f2caff37 |
line wrap: on
line diff
--- a/syslog2iptables.conf.top Thu Feb 09 15:12:13 2017 -0800 +++ b/syslog2iptables.conf.top Mon Dec 24 08:31:27 2018 -0800 @@ -85,7 +85,7 @@ # bucket 0; // disable - iphone setup trips this; bucket 1800; # message "sendmail pre-greeting"; #}; - pattern "authentication failure: checkpass failed, .*\[(.*)\]" { + pattern "authentication failure: .* failed, .*\[(.*)\]" { index 1; // zero based bucket 100; message "sendmail authentication failed"; @@ -95,7 +95,7 @@ bucket 100; message "dovecot failed password"; }; - pattern "dovecot.*Disconnected: Inactivity .auth failed.* rip=(.*), lip=" { + pattern "dovecot.*Disconnected.*auth failed.* rip=(.*), lip=" { index 1; // zero based bucket 100; message "dovecot failed password";