changeset 75:ae5e6bcc5017

sendmail auth failure detection for both login and plain methods
author Carl Byington <carl@five-ten-sg.com>
date Mon, 24 Dec 2018 08:31:27 -0800
parents 5ae085b398f4
children c6c8a2102a3e
files syslog2iptables.conf.top
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/syslog2iptables.conf.top	Thu Feb 09 15:12:13 2017 -0800
+++ b/syslog2iptables.conf.top	Mon Dec 24 08:31:27 2018 -0800
@@ -85,7 +85,7 @@
         #    bucket 0;   // disable - iphone setup trips this; bucket 1800;
         #    message "sendmail pre-greeting";
         #};
-        pattern "authentication failure: checkpass failed, .*\[(.*)\]" {
+        pattern "authentication failure: .* failed, .*\[(.*)\]" {
             index 1;    // zero based
             bucket 100;
             message "sendmail authentication failed";
@@ -95,7 +95,7 @@
             bucket 100;
             message "dovecot failed password";
         };
-        pattern "dovecot.*Disconnected: Inactivity .auth failed.* rip=(.*), lip=" {
+        pattern "dovecot.*Disconnected.*auth failed.* rip=(.*), lip=" {
             index 1;    // zero based
             bucket 100;
             message "dovecot failed password";