From: Amir C. <ce...@3p...> - 2012-04-17 22:44:45
|
There should be... a trailing period is not allowed in either host names or IPs. The <HOST> macro should be rewritten to exclude trailing periods, though I don't know where that would be done. --- Amir thumbed via iPhone On Apr 17, 2012, at 4:20 PM, Ed Ravin <er...@pa...> wrote: > When testing a new filter with fail2ban-regex, I saw warnings like this: > > Unable to find a corresponding IP address for 192.168.1.2. > Unable to find a corresponding IP address for 192.168.1.2. > > That shouldn't happen, that warning is for unresolvable hostnames. But > it turned out that the IP address string, with the trailing period, appears > in the log file: > > roundcube: IMAP Error: Login failed for no...@ex... from 192.168.1.2. AUTHENTICATE PLAIN: Authentication failed. > > I changed my fail2ban-regex from this: > > roundcube: IMAP Error: Login failed for .+ from <HOST> > > To this: > > roundcube: IMAP Error: Login failed for .+ from <HOST>\. > > and that fixed the problem. I guess if <HOST> is meant to match both IP > addresses and host names, there's no way to avoid this ambiguity? > > ------------------------------------------------------------------------------ > Better than sec? Nothing is better than sec when it comes to > monitoring Big Data applications. Try Boundary one-second > resolution app monitoring today. Free. > http://p.sf.net/sfu/Boundary-dev2dev > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users |