From Fail2ban
Revision as of 22:00, 4 April 2008 by (Talk) (add failregex)

Jump to: navigation, search

Dovecot is a POP3/IMAP server that can also provide authentication for SMTP and other SASL services.

Dovecot-1.0.0 with pam. Other authentication mechanism probably produce different output.

  • Jan 11 03:42:09 email dovecot: auth(default): pam(, pam_authenticate() failed: User not known to the underlying authentication module
  • Jan 26 22:31:37 email dovecot: auth(default): pam(dan, pam_authenticate() failed: Authentication failure


The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.

Please, before editing this section, propose your changes in the discussion page first.

failregex = dovecot.*auth\(default\): pam\(.*,<HOST>\): pam_authenticate\(\) failed: