author | Sergey G. Brester <serg.brester@sebres.de> | 2022-08-01 09:20:28 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-01 09:20:28 +0200 |
commit | 514cca9adeca3f24c6854859d793d26a583329f8 (patch) | |
tree | cea6cbe73058561752aa501387087a3044420f5c | |
parent | 3a8ab0c70aa7a04cae374b8afb7251fc540bc5bf (diff) | |
download | fail2ban-514cca9adeca3f24c6854859d793d26a583329f8.tar.gz |
filter.d/sendmail-auth.conf: detect failures without user part
-rw-r--r-- | config/filter.d/sendmail-auth.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/filter.d/sendmail-auth.conf b/config/filter.d/sendmail-auth.conf
index de1f8e36..3fa3c701 100644
--- a/config/filter.d/sendmail-auth.conf
+++ b/config/filter.d/sendmail-auth.conf
@@ -15,7 +15,7 @@ addr = (?:IPv6:<IP6>|<IP4>)
 prefregex = ^<F-MLFID>%(__prefix_line)s</F-MLFID><F-CONTENT>.+</F-CONTENT>$
 failregex = ^(\S+ )?\[%(addr)s\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$
- ^AUTH failure \([^\)]+\):(?: [^:]+:)? (?:authentication failure|user not found): [^,]*, user=<F-USER>(?:\S+|.*?)</F-USER>, relay=(?:\S+ )?\[%(addr)s\](?: \(may be forged\))?$
+ ^AUTH failure \([^\)]+\):(?: [^:]+:)? (?:authentication failure|user not found): [^,]*, (?:user=<F-USER>(?:\S+|.*?)</F-USER>, )?relay=(?:\S+ )?\[%(addr)s\](?: \(may be forged\))?$
 ignoreregex =
 journalmatch = _SYSTEMD_UNIT=sendmail.service |
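Review bot: The newly optional group `(?:user=<F-USER>(?:\S+|.*?)</F-USER>, )?` on the second `failregex` line changes which log lines lead to a ban, yet the diffstat shows only the filter file changed, so no sample line without `user=` pins the new shape. Unless that lands separately, I would add one such line to the filter's sample log, next to an existing line that carries `user=`, so both variants stay covered. For matches without the user part `<F-USER>` is now empty, so anything downstream that reads the user from the ticket should presumably tolerate that. I would also put a comment above `failregex`, for example `# "user=..., " is optional: AUTH failures may be logged without a user part`, and note there that the address is taken from the `relay=` field anchored at `$`, not from the client-supplied user text. The section this hunk belongs to starts above the hunk.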