Menu
▾
▴
Re: [Fail2ban-users] SASL Sendmail Auth Regex
|
From: Ken S. <ke...@ke...> - 2016-01-17 23:46:44
|
>
> On 17/01/2016 20:06, Ken Smith wrote:
>> Hi Fail2Ban users,
>>
>>
>> I'm trying to match lines like this on a F2Ban 0.8.4 system:-
>>
>> Jan 17 07:08:04 knettaa2 sendmail[23508]: u0H77tm0023508:
>> car-pppoe-dvz-01.wln.com.br [187.17.21.214] did not issue
>> MAIL/EXPN/VRFY/ETRN during connection to MTA
>>
>> and my amateur regex foo is completely failing me.
>>
>> Has someone done this before and be willing to share their solution.
>>
>> Many thanks
>>
>> Ken
>>
Nick Howitt wrote:
> Knowing nothing about sendmail and only based on the sendmail-reject
> and sendmail-auth filters:
>
> ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\] did not issue
> MAIL\/EXPN\/VRFY\/ETRN during connection to MTA$
>
> Test using fail2ban-regex.
>
> Nick
Thank you for the swift response Nick. That was one of the incantations
I had tried with these results
Running tests
=============
Use regex file : sasl2.conf
Traceback (most recent call last):
File "/usr/bin/fail2ban-regex", line 362, in ?
if fail2banRegex.readRegex(sys.argv[2]) == False:
File "/usr/bin/fail2ban-regex", line 176, in readRegex
self.__failregex = [RegexStat(m)
File "/usr/lib/python2.4/ConfigParser.py", line 525, in get
return self._interpolate(section, option, value, d)
File "/usr/lib/python2.4/ConfigParser.py", line 593, in _interpolate
self._interpolate_some(option, L, rawval, section, vars, 1)
File "/usr/lib/python2.4/ConfigParser.py", line 624, in _interpolate_some
raise InterpolationMissingOptionError(
ConfigParser.InterpolationMissingOptionError: Bad value substitution:
section: [Definition]
option : failregex
key : __prefix_line
rawval : \w{14}: (\S+ )?\[<HOST>\] did not issue
MAIL\/EXPN\/VRFY\/ETRN during connection to MTA$
Whereas grep "did not issue MAIL/EXPN" /var/log/maillog.1
gave the line in the example above.
This is on Centos 5.
Thanks
Ken
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
|