Packages

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Stable
  • Assigned To
    André Silva
  • Operating System Hyperbola GNU/Linux-libre
  • Severity Very Low
  • Priority Very Low
  • Reported Version Milky Way v0.3
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by David P. - 27/10/2019
Last edited by David P. - 28/10/2019

FS#1462 - [fail2ban] update dovecot failregex to support verbose output and postfix too

Description:
The /etc/fail2ban/filter.d/dovecot.conf file has a failregex with the following:

^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): (?:pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$

and works with things like:

Month day time hostname dovecot: auth: passwd-file(user@domain.com,IP): unknown user

but with verbosity enabled in Dovecot, this output looks like this:

Month day time hostname dovecot: auth: passwd-file(user@domain.com,IP): unknown user (given password: password)

and in this case it doesn’t work, but it does if we fix the failregex if we replace it with:

^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): (?:pam|passwd-file)\(\S+,<HOST>\): unknown user( \(given password: \S*\))?\s*$

with this new expression, it works with and without verbosity

And regarding postfix, to make it work correctly I “backported” some pieces from newest failregex:

/etc/fail2ban/postfixr-rbl.conf:

^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: [45]54 [45]\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

/etc/fail2ban/postfix.conf: (second failregex)

^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 45[04] 4\.7\.1 Client host rejected: cannot find your (reverse )?hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

I can create a patch if you want. Note that I haven’t tested all filters, some others may also need some rework

Additional info:
* fail2ban-0.9.6-2.hyperbola3

Date User Effort (H:M)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing