Difference between revisions of "Talk:Dovecot"

From Fail2ban
Jump to navigationJump to search
(New page: If you want to catch this:<br> Aug 29 19:45:13 MyHostName dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=123.123.123.123 <br> ...)
 
Line 4: Line 4:
 
Here is the regex:<br>
 
Here is the regex:<br>
 
dovecot.*authentication failure.*rhost\=<host><br>
 
dovecot.*authentication failure.*rhost\=<host><br>
 +
 +
To catch lines like:
 +
dovecot: pop3-login: Aborted login (1 authentication attempts): user=<usrnm>, method=PLAIN, rip=192.168.2.4, lip=192.168.2.5
 +
the regexp is:
 +
dovecot.*pop3-login.*Aborted login.*rip=<HOST>.*

Revision as of 13:02, 4 September 2008

If you want to catch this:
Aug 29 19:45:13 MyHostName dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=123.123.123.123

Here is the regex:
dovecot.*authentication failure.*rhost\=<host>

To catch lines like: dovecot: pop3-login: Aborted login (1 authentication attempts): user=<usrnm>, method=PLAIN, rip=192.168.2.4, lip=192.168.2.5 the regexp is: dovecot.*pop3-login.*Aborted login.*rip=<HOST>.*

Retrieved from "http://wiki.fail2ban.org/wiki/index.php?title=Talk:Dovecot&oldid=2259"