fail2ban can't match regex for exim4 / dovecot
Posted: Wed Nov 04, 2015 3:39 pm
When I enable the Dovecot jail, it doesn't work because the regex doesn't match the authentication error I'm getting.
Nov 04 16:26:17 auth: Error: passwd-file(whatuphomeboy4,72.249.37.67): stat(/etc/exim4/domains//passwd) failed: No such file or directory
Nov 04 16:26:33 auth: Error: passwd-file(whatuphomeboy4,72.249.37.67): stat(/etc/exim4/domains//passwd) failed: No such file or directory
Nov 04 16:26:45 auth: Error: passwd-file(whatuphomeboy4,72.249.37.67): stat(/etc/exim4/domains//passwd) failed: No such file or directory
Nov 04 16:26:56 auth: Error: passwd-file(whatuphomeboy4,72.249.37.67): stat(/etc/exim4/domains//passwd) failed: No such file or directory
I've spent a few days trying to understand how to write a regex to find this in the dovecot.log but it's a little bit outside my ability.
Does anyone know a regex line I can use to match this error (I get about 30 to 80 a day from various IPs - this one was specifically me testing the regex)....
Thank you kindly.
Michael
Nov 04 16:26:17 auth: Error: passwd-file(whatuphomeboy4,72.249.37.67): stat(/etc/exim4/domains//passwd) failed: No such file or directory
Nov 04 16:26:33 auth: Error: passwd-file(whatuphomeboy4,72.249.37.67): stat(/etc/exim4/domains//passwd) failed: No such file or directory
Nov 04 16:26:45 auth: Error: passwd-file(whatuphomeboy4,72.249.37.67): stat(/etc/exim4/domains//passwd) failed: No such file or directory
Nov 04 16:26:56 auth: Error: passwd-file(whatuphomeboy4,72.249.37.67): stat(/etc/exim4/domains//passwd) failed: No such file or directory
I've spent a few days trying to understand how to write a regex to find this in the dovecot.log but it's a little bit outside my ability.
Does anyone know a regex line I can use to match this error (I get about 30 to 80 a day from various IPs - this one was specifically me testing the regex)....
Thank you kindly.
Michael