From: Oliver F. <ol...@fa...> - 2014-08-22 09:00:43
Hi all,
Can someone please add the following to the attack_scanner.l file (found in src/parser)?
 /* Exim2 by Nick: */
.*"login authenticator failed for ".+" ([" { BEGIN(exim_esmtp_autherr); return EXIM_ESMTP_AUTHFAIL_PREF; }
<exim_esmtp_autherr>"]) [" { BEGIN(exim_esmtp_autherr); return EXIM_ESMTP_AUTHFAIL_PREF; }
<exim_esmtp_autherr>"]: 535 Incorrect authentication data (set_id=".+")" { BEGIN(INITIAL); return EXIM_ESMTP_AUTHFAIL_SUFF; }
This should tackle exim abuse better than the current line for exim.
Thanks!
OllieJim