0

I am trying to create a regex filter for my failed Dovecot entries in the maillog file. What I have created is:

.*dovecot: auth: sql\(.*,<HOST>\): Password mismatch

The target line in the maillog is:

Dec  9 15:09:51 hawk888 dovecot: auth: sql(deals@sleepyvalley.net,166.175.59.157): Password mismatch

Also, when I place the variable, in a failregex, is this case sensitive or does case matter?

Can anyone help?

masegaloeh
  • 18,236
  • 10
  • 57
  • 106
ThomasJ
  • 21
  • 4
  • These links should help you https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/dovecot.conf http://wiki2.dovecot.org/HowTo/Fail2Ban – clement Dec 10 '14 at 12:36
  • Thanks for the links but I've been there and done that. I have Googled for several days about creating a regex string for Fail2Ban and looking for a filter line that matches this particular sql fail line. everything I've tried so far hasn't worked. I am using SQL authentication on my server. – ThomasJ Dec 11 '14 at 17:57

1 Answers1

2

I now have my failregex filter working. I tried using the '^'at the start and placed '$' at the end and my filter started working. Although the on-line Regex Test web page shows that my filter matches the target without these, I guess that when the filter is actually applied to a test, the start and end of the target string has to be set with them.

ThomasJ
  • 21
  • 4