summaryrefslogtreecommitdiffstats
path: root/roles/common
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/files/etc/fail2ban/filter.d/dovecot.conf49
1 files changed, 0 insertions, 49 deletions
diff --git a/roles/common/files/etc/fail2ban/filter.d/dovecot.conf b/roles/common/files/etc/fail2ban/filter.d/dovecot.conf
deleted file mode 100644
index c8f5345..0000000
--- a/roles/common/files/etc/fail2ban/filter.d/dovecot.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-# Fail2Ban filter Dovecot authentication and pop3/imap/managesieve server
-# guilhem 2020-05-19: This is the filter from Buster (fail2ban
-# 0.10.2-2.1) with managesieve to the list of protected services
-#
-
-[INCLUDES]
-
-before = common.conf
-
-[Definition]
-
-_auth_worker = (?:dovecot: )?auth(?:-worker)?
-_daemon = (?:dovecot(?:-auth)?|auth)
-
-prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_auth)s(?:\(dovecot:auth\))?: |(?:pop3|imap|managesieve)-login: )?(?:Info: )?<F-CONTENT>.+</F-CONTENT>$
-
-failregex = ^authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(?:\s+user=\S*)?\s*$
- ^(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth)\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
- ^pam\(\S+,<HOST>(?:,\S*)?\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\)|Permission denied)\s*$
- ^[a-z\-]{3,15}\(\S*,<HOST>(?:,\S*)?\): (?:unknown user|invalid credentials)\s*$
- <mdre-<mode>>
-
-mdre-aggressive = ^(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
-
-mdre-normal =
-
-# Parameter `mode` - `normal` or `aggressive`.
-# Aggressive mode can be used to match log-entries like:
-# 'no auth attempts', 'disconnected before auth was ready', 'client didn't finish SASL auth'.
-# Note it may produce lots of false positives on misconfigured MTAs.
-# Ex.:
-# filter = dovecot[mode=aggressive]
-mode = normal
-
-ignoreregex =
-
-journalmatch = _SYSTEMD_UNIT=dovecot.service
-
-datepattern = {^LN-BEG}TAI64N
- {^LN-BEG}
-
-# DEV Notes:
-# * the first regex is essentially a copy of pam-generic.conf
-# * Probably doesn't do dovecot sql/ldap backends properly (resolved in edit 21/03/2016)
-#
-# Author: Martin Waschbuesch
-# Daniel Black (rewrote with begin and end anchors)
-# Martin O'Neal (added LDAP authentication failure regex)
-# Sergey G. Brester aka sebres (reviewed, optimized, IPv6-compatibility)