From: Daniel B. <dan...@in...> - 2013-09-25 23:18:35
On 19/09/13 08:28, Daniel Black wrote:
> On 18/09/13 00:20, Bob Cohen wrote:
>> Hi Folks,
>>
>> I periodically get these dictionary attacks on my dovecot mail server:
>>
>> dovecot: auth(default): pam(account@MYSERVERNAME.com,200.76.17.206): pam_authenticate() failed: User not known to the underlying authentication module: 2 Time(s)
>>
>> My regex does not seem to catch these pesky intrusions:
>>
>> [Definition]
>> failregex = dovecot.*auth\(default\): pam\(.*,<HOST>\): pam_authenticate\(\) failed:
>> ignoreregex =
>>
>> Suggestions?
>
> I've redone the regex in accordance with recommended practice in the
> DEVELOP documentation.
>
> https://github.com/grooverdan/fail2ban/commit/89e0520675ad822ab6935ade97554e8fd338e2c4
>
> Does this match all of the entries you need to match?
>
> If it doesn't, can you provide some more log examples?
>

Bob,

Any feedback on the above?
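
An offline check of the failregex quoted above against sample log lines, as an added example that is not part of the original thread or of fail2ban's code. HOST_PATTERN is an assumed, simplified IPv4-only stand-in for the <HOST> tag, and every sample line except the first is constructed.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
# fail2ban's own expansion accepts more forms (for example hostnames).
HOST_PATTERN = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex exactly as posted in the thread.
POSTED_FAILREGEX = (
    r"dovecot.*auth\(default\): pam\(.*,<HOST>\): pam_authenticate\(\) failed:"
)

SAMPLE_LINES = [
    # Line as quoted in the thread.
    "dovecot: auth(default): pam(account@MYSERVERNAME.com,200.76.17.206): "
    "pam_authenticate() failed: User not known to the underlying "
    "authentication module: 2 Time(s)",
    # Constructed: same message behind a syslog-style prefix (TEST-NET-3 address).
    "Sep 18 00:20:01 mail dovecot: auth(default): pam(bob,203.0.113.7): "
    "pam_authenticate() failed: Authentication failure",
    # Constructed: a non-failure line that must not be matched.
    "Sep 18 00:20:03 mail dovecot: imap-login: Login: user=<bob>, rip=203.0.113.7",
    # Constructed: different process tag before "(default)".
    "Sep 18 00:20:05 mail dovecot: auth-worker(default): pam(bob,203.0.113.7): "
    "pam_authenticate() failed: Authentication failure",
]


def compile_failregex(failregex):
    """Substitute the <HOST> tag with the stand-in pattern and compile."""
    if "<HOST>" not in failregex:
        raise ValueError("failregex has no <HOST> tag, nothing could be banned")
    return re.compile(failregex.replace("<HOST>", HOST_PATTERN))


def matched_hosts(failregex, lines):
    """Return, per line, the captured host or None when the line is missed."""
    pattern = compile_failregex(failregex)
    results = []
    for line in lines:
        match = pattern.search(line)
        results.append(match.group("host") if match else None)
    return results


if __name__ == "__main__":
    for line, host in zip(SAMPLE_LINES, matched_hosts(POSTED_FAILREGEX, SAMPLE_LINES)):
        print(("MATCH %-15s" % host) if host else "MISS".ljust(21), line[:70])
```

The `fail2ban-regex` tool shipped with fail2ban runs the real check against an actual log file and filter, including its date detection, which this sketch does not model.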