Talk:Dovecot

From Fail2ban
Revision as of 13:03, 4 September 2008 by 81.74.103.95 (talk)
Jump to navigationJump to search

If you want to catch this:
Aug 29 19:45:13 MyHostName dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=123.123.123.123

Here is the regex:
dovecot.*authentication failure.*rhost\=<host>

To catch lines like:
dovecot: pop3-login: Aborted login (1 authentication attempts): user=<usrnm>, method=PLAIN, rip=192.168.2.4, lip=192.168.2.5
the regexp is:
dovecot.*pop3-login.*Aborted login.*rip=<HOST>.*

Retrieved from "http://wiki.fail2ban.org/wiki/index.php?title=Talk:Dovecot&oldid=2260"