On 6/19/2023 2:21 PM, pedro@netsecpt.pt wrote:
> I am not using custom rules for fail2ban; in fact my fail2ban is using the default settings. I do not have that file zzz-custom in that directory; however, jail.conf is using the default jail time for every filter, which is:
I created the zz-custom.conf file myself. You won't find it in a standard fail2ban install. It is my way of achieving the config I want without changing the main .conf files. This makes upgrades a lot cleaner.
I believe dovecot does have a bug here. My user that shows those failed auth messages has not been using the wrong password. My guess is that anytime dovecot disconnects a user for inactivity, it claims that auth failed, even when that is not the case.
Interesting. In the 2.3.20 tag, I found the code that prints that message in src/login-common/client-common.c ... but that same code is not present in the main branch. It looks to me like that code has been completely overhauled and maybe 2.4 won't have this problem when it gets released.
It's been decades since I last did any C development, so I'm not really good at tracking what's going on in the code, but I see that the client_get_extra_disconnect_reason function in that source file uses that "auth failed" message as its fall-through option, and there doesn't seem to be any test earlier in the function to detect when the disconnect happens because of inactivity on a successfully authenticated connection.
Fixing the problem is beyond my current skill level. It will require somebody who is intimately familiar with that code.
Thanks, Shawn
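The pitfall described above, illustrated as an added example rather than as dovecot's own code: a disconnect-reason classifier whose fall-through default is "auth failed" reports an authenticated user's idle timeout as an authentication failure, and a filter-based banning tool keyed on that string then bans legitimate users. The struct, function names and sample sessions below are all assumptions constructed for this illustration; only the shape of the problem (a missing check for "authenticated, then inactive" before the default) comes from the thread.

```c
/* Added illustration, not dovecot's source. All names and sessions are
 * constructed; they model the fall-through problem described in the thread. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

struct conn_state {
    bool authenticated;        /* login completed successfully */
    bool idle_timeout;         /* server closed the connection for inactivity */
    int  failed_auth_attempts; /* wrong-password attempts on this connection */
};

/* Classifier with an "auth failed" fall-through: the authenticated-then-idle
 * case is never tested, so it lands on the default. */
const char *reason_fallthrough(const struct conn_state *c)
{
    if (c->authenticated && !c->idle_timeout)
        return "logged out";
    if (!c->authenticated && c->idle_timeout && c->failed_auth_attempts == 0)
        return "inactivity before auth";
    return "auth failed";   /* idle-after-login ends up here */
}

/* Classifier that tests the idle-after-login case before the default and
 * only reports "auth failed" when a failed attempt was actually recorded. */
const char *reason_checked(const struct conn_state *c)
{
    if (c->authenticated && c->idle_timeout)
        return "inactivity after auth";
    if (c->authenticated)
        return "logged out";
    if (c->idle_timeout && c->failed_auth_attempts == 0)
        return "inactivity before auth";
    if (c->failed_auth_attempts > 0)
        return "auth failed";
    return "unknown";
}

/* Count sessions a ban rule matching "auth failed" would flag, and how many
 * of those were authenticated users (false positives that would get banned). */
size_t count_ban_hits(const char *(*classify)(const struct conn_state *),
                      const struct conn_state *sessions, size_t n,
                      size_t *false_positives)
{
    size_t hits = 0;
    *false_positives = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(classify(&sessions[i]), "auth failed") == 0) {
            hits++;
            if (sessions[i].authenticated)
                (*false_positives)++;
        }
    }
    return hits;
}

/* Constructed sample sessions (not real log data). */
static const struct conn_state sample[] = {
    { true,  true,  0 },   /* authenticated user idled out */
    { true,  false, 0 },   /* normal logout */
    { false, false, 3 },   /* genuine repeated wrong passwords */
    { false, true,  0 },   /* idle before sending any credentials */
    { true,  true,  1 },   /* one typo, then logged in, then idled out */
};

size_t sample_count(void) { return sizeof sample / sizeof sample[0]; }

/* Convenience wrappers so each figure can be read back on its own. */
size_t hits_fallthrough(void)
{ size_t fp; return count_ban_hits(reason_fallthrough, sample, sample_count(), &fp); }
size_t fp_fallthrough(void)
{ size_t fp; count_ban_hits(reason_fallthrough, sample, sample_count(), &fp); return fp; }
size_t hits_checked(void)
{ size_t fp; return count_ban_hits(reason_checked, sample, sample_count(), &fp); }
size_t fp_checked(void)
{ size_t fp; count_ban_hits(reason_checked, sample, sample_count(), &fp); return fp; }
```

With the constructed sessions, the fall-through classifier produces three "auth failed" lines, two of them for users who had logged in successfully, while the checked version produces exactly one, for the session that actually failed repeatedly. From a detection standpoint this is why a ban filter should key on a log line that is only emitted after a recorded failed attempt, not on a generic disconnect message that doubles as a default.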