Fail2ban Error in file postfix-sasl.conf

my old file conf was :
failregex = ^%(__prefix_line)swarning: [-._\w]+\[\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/:]*={0,2})?\s*$

If you go to https://regex101.com/ you can test the regular expression on the log string :

May 10 15:57:59 mail postfix/smtpd[28617]: warning: ip43.ip-192-99-125.net[192.99.125.43]: SASL LOGIN authentication failed: Connection lost to authentication server

I corrected the error and the the configuration is :

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+:]*={0,2})?\s*$

You can leave also the first setting but it is not necessary.

Some others command to do test:

fail2ban-client ping
fail2ban-client status
fail2ban-client status dovecot
fail2ban-client status postfix-sasl

fail2ban-regex /root/software/test_fail2ban_dovecot.log /etc/fail2ban/filter.d/dovecot.conf

You can test a piece of log file with a configuration jail file using the command fail2ban-regex

 

Leave a Reply