Difference between revisions of "Dovecot"
(add failregex) |
(example output with sql backend) |
||
| Line 5: | Line 5: | ||
Dovecot-1.0.0 with pam. Other authentication mechanism probably produce different output. | Dovecot-1.0.0 with pam. Other authentication mechanism probably produce different output. | ||
| − | |||
* Jan 11 03:42:09 email dovecot: auth(default): pam(support@example.org,192.0.2.2): pam_authenticate() failed: User not known to the underlying authentication module | * Jan 11 03:42:09 email dovecot: auth(default): pam(support@example.org,192.0.2.2): pam_authenticate() failed: User not known to the underlying authentication module | ||
* Jan 26 22:31:37 email dovecot: auth(default): pam(dan,192.0.2.2): pam_authenticate() failed: Authentication failure | * Jan 26 22:31:37 email dovecot: auth(default): pam(dan,192.0.2.2): pam_authenticate() failed: Authentication failure | ||
| − | |||
| + | Dovecot-1.0.15 with sql, and "auth_verbose = yes": | ||
| + | |||
| + | * Jan 11 03:42:09 email dovecot: auth-worker(default): sql(janfrode@tanso.net,192.168.11.16): Password mismatch | ||
| + | * Jan 11 03:45:09 email dovecot: auth-worker(default): sql(someoneelse,192.168.11.16): unknown user | ||
| + | |||
| + | With successfull logins, it doesn't print anything from "auth-worker". | ||
{{Failregex}} | {{Failregex}} | ||
Revision as of 12:22, 5 January 2009
Dovecot is a POP3/IMAP server that can also provide authentication for SMTP and other SASL services.
Dovecot-1.0.0 with pam. Other authentication mechanism probably produce different output.
- Jan 11 03:42:09 email dovecot: auth(default): pam(support@example.org,192.0.2.2): pam_authenticate() failed: User not known to the underlying authentication module
- Jan 26 22:31:37 email dovecot: auth(default): pam(dan,192.0.2.2): pam_authenticate() failed: Authentication failure
Dovecot-1.0.15 with sql, and "auth_verbose = yes":
- Jan 11 03:42:09 email dovecot: auth-worker(default): sql(janfrode@tanso.net,192.168.11.16): Password mismatch
- Jan 11 03:45:09 email dovecot: auth-worker(default): sql(someoneelse,192.168.11.16): unknown user
With successfull logins, it doesn't print anything from "auth-worker".
Failregex
The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.
The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.
Please, before editing this section, propose your changes in the discussion page first.
failregex = dovecot.*auth\(default\): pam\(.*,<HOST>\): pam_authenticate\(\) failed:
