I am running with fail2ban and postfix that ship with Ubuntu 10.04

fail2ban was not blocking password guessing attempts to the mail server but was to ssh, so I took a closer look at the logs and regex.

Log line:
Aug  2 22:20:17 ym-linode-01 postfix/smtpd[18196]: warning: adsl-074-238-194-123.sip.mem.bellsouth.net[74.238.194.123]: SASL LOGIN authentication failed: authentication failure

Built-in regex:
(?i): warning: [-._\w]+\[(?:::f{4,6}:)?(?P<host>\S+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$

New regex:
(?i): warning: [-._\w]+\[(?:::f{4,6}:)?(?P<host>\S+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/\W]*={0,2})?$

The new regex just allows whitespace in the final section of the line to match "authentication failure".

- Y