7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Fail2ban] Added more regex to match failed or disallowed logins to Dovecot, changed Mailcow to mailcow

Browse Source
This commit is contained in:
andryyy
2017-07-02 11:10:35 +02:00
parent cf594fbabd
commit b7cb4ac9d5
3 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
data/Dockerfiles/fail2ban/logwatch.py
View File

@@ -40,8 +40,11 @@ RULES[php_fpm_container] = {}
RULES[postfix_container][1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .* authentication failed'
RULES[dovecot_container][1] = '-login: Disconnected \(auth failed, .*\): user=.*, method=.*, rip=([0-9a-f\.:]+),'
RULES[dovecot_container][2] = '-login: Disconnected \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[dovecot_container][3] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[dovecot_container][4] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[sogo_container][1] = 'SOGo.* Login from \'([0-9a-f\.:]+)\' for user .* might not have worked'
RULES[php_fpm_container][1] = 'Mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)'
RULES[php_fpm_container][1] = 'mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)'
r.setnx("F2B_BAN_TIME", "1800")