Difference between revisions of "Dovecot"

From Fail2ban
Jump to: navigation, search
m (DovecotIMAP moved to Dovecot: dovecot imap/pop/sasl stuff is all centrally controlled by an authentication daemon so it doesn't make much sense (yet) to separate it.)
(specified IP for logs - previous one was anonomized too)
Line 2: Line 2:
  
 
{{Logging_Outputs}}
 
{{Logging_Outputs}}
 +
 +
Dovecot-1.0.0 with pam. Other authentication mechanism probably produce different output.
  
 
<div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;">
 
<div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;">
Jan 11 03:42:09 email dovecot: auth(default): pam(support@example.org,213.33.10.200): pam_authenticate() failed: User not known to the underlying authentication module
+
* Jan 11 03:42:09 email dovecot: auth(default): pam(support@example.org,192.0.2.2): pam_authenticate() failed: User not known to the underlying authentication module
Jan 26 22:31:37 email dovecot: auth(default): pam(dan,213.33.10.200): pam_authenticate() failed: Authentication failure
+
* Jan 26 22:31:37 email dovecot: auth(default): pam(dan,192.0.2.2): pam_authenticate() failed: Authentication failure
 
<div>
 
<div>
  

Revision as of 13:19, 26 January 2008

Dovecot is a POP3/IMAP server that can also provide authentication for SMTP and other SASL services.


Dovecot-1.0.0 with pam. Other authentication mechanism probably produce different output.

  • Jan 11 03:42:09 email dovecot: auth(default): pam(support@example.org,192.0.2.2): pam_authenticate() failed: User not known to the underlying authentication module
  • Jan 26 22:31:37 email dovecot: auth(default): pam(dan,192.0.2.2): pam_authenticate() failed: Authentication failure


Failregex

The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.

Please, before editing this section, propose your changes in the discussion page first.


failregex =