diff options
author | Sergey G. Brester <serg.brester@sebres.de> | 2022-01-27 17:50:28 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-27 17:50:28 +0100 |
commit | dfc866ea410840a8c9bfba04d4fa92213221164d (patch) | |
tree | eec586e286c07b5a4df0924d694550feecf9c6fa /config | |
parent | af8a9f7ff9e93d59eaf48828c9af85049c3e0141 (diff) | |
download | fail2ban-dfc866ea410840a8c9bfba04d4fa92213221164d.tar.gz |
improve RE to solve conflict with expected another open parenthesis
Diffstat (limited to 'config')
-rw-r--r-- | config/filter.d/dovecot.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf index fcd28b58..c55061c3 100644 --- a/config/filter.d/dovecot.conf +++ b/config/filter.d/dovecot.conf @@ -14,7 +14,7 @@ _daemon = (?:dovecot(?:-auth)?|auth) prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_auth)s(?:\(dovecot:auth\))?: |(?:pop3|imap|managesieve|submission)-login: )?(?:Info: )?%(_auth_worker_info)s<F-CONTENT>.+</F-CONTENT>$ failregex = ^authentication failure; logname=<F-ALT_USER1>\S*</F-ALT_USER1> uid=\S* euid=\S* tty=dovecot ruser=<F-USER>\S*</F-USER> rhost=<HOST>(?:\s+user=<F-ALT_USER>\S*</F-ALT_USER>)?\s*$ - ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?::(?: [^ ]+)+)? \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<<F-USER>[^>]*</F-USER>>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$ + ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?:: (?:[^\(]+|\w+\([^\)]*\))+)? \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<<F-USER>[^>]*</F-USER>>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$ ^pam\(\S+,<HOST>(?:,\S*)?\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \([Pp]assword mismatch\?\)|Permission denied)\s*$ ^[a-z\-]{3,15}\(\S*,<HOST>(?:,\S*)?\): (?:[Uu]nknown user|[Ii]nvalid credentials|[Pp]assword mismatch) <mdre-<mode>> |