Fail2ban 'Password mismatch' regex

Christian Kivalo ml+dovecot at valo.at
Mon Sep 11 10:38:54 EEST 2017


> Many thanks Christian.
> 
> Added that, but it still doesn’t match:
> 
> $ fail2ban-regex "Sep 11 15:52:49 mail dovecot[54239]: 
> auth-worker(10094): 
> sql(user at bordo.com.au,::1,L2xqieNYeM4AAAAAAAAAAAAAAAAAAAAB>): Password 
> mismatch (given password: 2)"
> "^%(__prefix_line)sauth: Info: sql\(\S+,<HOST>,\<\S+\>\): (Password 
> mismatch|unknown user)( \((SHA1 of given password: [0-9a-f]{5,40}|given 
> password: \w*)\))?$"
Your log has "auth-worker(10094): sql" whereas the fail2ban regex has 
")sauth: Info: sql\(\". When you change that to ")sauth-worker: sql\(\" 
does it work then?

Try to reduce the regex to a working minimum and then add parts back 
until it breaks...

[...]
> 
> Any other suggestions?
> 
> Thanks,
> 
> James.

-- 
  Christian Kivalo
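
The reduce-and-re-add approach suggested in the reply, sketched in Python as an added example (not part of the original message, and not fail2ban's own code). `PREFIX` and `HOST` are simplified stand-ins for `%(__prefix_line)s` and `<HOST>`, the sample line is constructed from the one in the post, and `VARIANT` is a hypothetical replacement fragment.

```python
import re

# Constructed sample modelled on the log line in the post (address and
# session id are placeholders; the archive's "user at" obfuscation is undone).
LINE = ("Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): "
        "sql(user@example.com,::1,<SESSIONIDPLACEHOLDER>): "
        "Password mismatch (given password: 2)")

# Assumption: simplified stand-ins for fail2ban's %(__prefix_line)s and <HOST>.
PREFIX = r"^\w{3} +\d+ [\d:]{8} \S+ dovecot\[\d+\]: "
HOST = r"(?P<host>[0-9a-fA-F:.]+)"

# The failregex from the post, cut into fragments that are each valid alone.
ORIGINAL = [
    PREFIX,
    r"auth: Info: ",
    r"sql\(\S+,",
    HOST,
    r",\<\S+\>\): ",
    r"(Password mismatch|unknown user)",
    r"( \((SHA1 of given password: [0-9a-f]{5,40}|given password: \w*)\))?$",
]

# Hypothetical variant: only the process-name fragment is changed so that it
# also accepts the "(pid)" suffix seen in the sample line.
VARIANT = [PREFIX, r"auth-worker\(\d+\): "] + ORIGINAL[2:]

def first_failing_fragment(fragments, line):
    """Grow the pattern one fragment at a time; return the index of the
    first fragment whose addition stops the line from matching, else None."""
    for i in range(1, len(fragments) + 1):
        if re.search("".join(fragments[:i]), line) is None:
            return i - 1
    return None

def matched_host(fragments, line):
    """Return the address captured by the host group, or None if no match."""
    m = re.search("".join(fragments), line)
    return m.group("host") if m else None

if __name__ == "__main__":
    for name, frags in (("original", ORIGINAL), ("variant", VARIANT)):
        idx = first_failing_fragment(frags, LINE)
        print(name, "breaks at:", None if idx is None else frags[idx])
        print(name, "host:", matched_host(frags, LINE))
```

Once a candidate passes here, confirm it with `fail2ban-regex` against the real log, since the real `%(__prefix_line)s` and `<HOST>` expansions are broader than these stand-ins.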

