From: Ken S. <ke...@ke...> - 2016-01-17 23:46:44
> On 17/01/2016 20:06, Ken Smith wrote:
>> Hi Fail2Ban users,
>>
>> I'm trying to match lines like this on a F2Ban 0.8.4 system:-
>>
>> Jan 17 07:08:04 knettaa2 sendmail[23508]: u0H77tm0023508:
>> car-pppoe-dvz-01.wln.com.br [187.17.21.214] did not issue
>> MAIL/EXPN/VRFY/ETRN during connection to MTA
>>
>> and my amateur regex foo is completely failing me.
>>
>> Has someone done this before and be willing to share their solution.
>>
>> Many thanks
>>
>> Ken
>>
Nick Howitt wrote:
> Knowing nothing about sendmail and only based on the sendmail-reject
> and sendmail-auth filters:
>
> ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\] did not issue
> MAIL\/EXPN\/VRFY\/ETRN during connection to MTA$
>
> Test using fail2ban-regex.
>
> Nick

Thank you for the swift response, Nick.

That was one of the incantations I had tried, with these results:

Running tests
=============

Use regex file : sasl2.conf
Traceback (most recent call last):
  File "/usr/bin/fail2ban-regex", line 362, in ?
    if fail2banRegex.readRegex(sys.argv[2]) == False:
  File "/usr/bin/fail2ban-regex", line 176, in readRegex
    self.__failregex = [RegexStat(m)
  File "/usr/lib/python2.4/ConfigParser.py", line 525, in get
    return self._interpolate(section, option, value, d)
  File "/usr/lib/python2.4/ConfigParser.py", line 593, in _interpolate
    self._interpolate_some(option, L, rawval, section, vars, 1)
  File "/usr/lib/python2.4/ConfigParser.py", line 624, in _interpolate_some
    raise InterpolationMissingOptionError(
ConfigParser.InterpolationMissingOptionError: Bad value substitution:
        section: [Definition]
        option : failregex
        key    : __prefix_line
        rawval : \w{14}: (\S+ )?\[<HOST>\] did not issue MAIL\/EXPN\/VRFY\/ETRN during connection to MTA$

Whereas

grep "did not issue MAIL/EXPN" /var/log/maillog.1

gave the line in the example above.

This is on CentOS 5.

Thanks

Ken
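
The traceback above is raised by ConfigParser's `%(name)s` interpolation before any regex is compiled. The following is an added example, not part of the original message or of Fail2Ban's code: it reproduces the missing-key error with Python 3's `configparser` and then checks the quoted failregex against the quoted log line. `PREFIX_LINE`, `HOST` and `TIMESTAMP` are simplified stand-ins assumed for this sketch, not Fail2Ban's own definitions.

```python
import re
from configparser import ConfigParser, InterpolationMissingOptionError

# Log line quoted in the post.
LOG_LINE = ("Jan 17 07:08:04 knettaa2 sendmail[23508]: u0H77tm0023508: "
            "car-pppoe-dvz-01.wln.com.br [187.17.21.214] did not issue "
            "MAIL/EXPN/VRFY/ETRN during connection to MTA")

# The suggested failregex as it would sit in a filter file.
FILTER = r"""
[Definition]
failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\] did not issue MAIL\/EXPN\/VRFY\/ETRN during connection to MTA$
"""

# Assumptions: simplified stand-ins, not Fail2Ban's real patterns.
PREFIX_LINE = r"\s*\S+ sendmail\[\d+\]: "           # "host daemon[pid]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"         # IPv4 only
TIMESTAMP = r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"  # syslog date

def load_failregex(defaults=None):
    """Read failregex; %(...)s keys are resolved from the file or `defaults`."""
    cp = ConfigParser()
    cp.read_string(FILTER)
    return cp.get("Definition", "failregex", vars=defaults)

def missing_key():
    """Return the interpolation key ConfigParser cannot resolve, if any."""
    try:
        load_failregex()
    except InterpolationMissingOptionError as exc:
        return exc.reference
    return None

def find_host(line, failregex):
    """Drop the timestamp, expand <HOST>, return the captured address."""
    body = re.sub(TIMESTAMP, "", line, count=1)
    m = re.search(failregex.replace("<HOST>", HOST), body)
    return m.group("host") if m else None

if __name__ == "__main__":
    print("unresolved key:", missing_key())
    rx = load_failregex({"__prefix_line": PREFIX_LINE})
    print("matched host:", find_host(LOG_LINE, rx))
```
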