sshguard not detecting SASL LOGIN failures

Issue #145 resolved
Former user created an issue

System:

OS = FreeBSD 12.2-RELEASE-p11
SSHGUARD = 2.4.2_1,1 (binary)
FW = PF

Config:

BACKEND="/usr/local/libexec/sshg-fw-pf"
FILES="/var/log/auth.log /var/log/maillog"

Behaviour:

571 logs in /var/log/maillog with:
postfix/smtps/smtpd[67834]: warning: unknown[a.b.c.d]: SASL LOGIN authentication failed: authentication failure

Issue:

No logs whatsoever in /var/log/messages showing this to be picked up by sshguard.

Remark:

There are many messages regarding blocking IPs for failed login attempts on service SSH.

Comments (2)

  1. Kevin Zheng
    • changed status to open

    Thanks for the report. Indeed, this signature is not detected by the parser.

    I will take a look at updating the signature for Postfix SASL, unless you can beat me to it with a patch.

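The following is an added example, not part of the original report and not sshguard's own parser code: a stand-alone check that recognizes the Postfix SASL failure line quoted in the issue and counts failures per source address, useful for confirming what a log watcher should be picking up from /var/log/maillog. It generalizes beyond the reported case to other SASL mechanisms and Postfix service paths. The function names, the threshold, and the traditional syslog timestamp prefix are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Anchored on the syslog prefix so text later in a line cannot pose as the tag.
# Service path (smtpd, smtps/smtpd, submission/smtpd) and SASL mechanism vary.
SASL_FAIL = re.compile(
    r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ "
    r"postfix/(?:[\w-]+/)?smtpd\[\d+\]: warning: "
    r"\S+\[(?P<addr>[0-9A-Fa-f:.]+)\]: "
    r"SASL (?P<mech>[A-Z0-9-]+) authentication failed"
)

def parse_sasl_failure(line):
    """Return (address, mechanism) for a SASL failure line, else None."""
    m = SASL_FAIL.match(line)
    if m is None:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None  # bracketed token is not a valid IPv4/IPv6 address
    return str(addr), m.group("mech")

def offenders(lines, threshold=3):
    """Map each address with at least `threshold` failures to its count."""
    counts = Counter(hit[0] for hit in map(parse_sasl_failure, lines) if hit)
    return {addr: n for addr, n in counts.items() if n >= threshold}

# Constructed sample lines (documentation address ranges), not from the report.
_FAIL = "SASL LOGIN authentication failed: authentication failure"
SAMPLE_LOG = [
    f"Oct  3 10:15:01 mail postfix/smtps/smtpd[67834]: warning: unknown[192.0.2.10]: {_FAIL}",
    f"Oct  3 10:15:04 mail postfix/smtps/smtpd[67834]: warning: unknown[192.0.2.10]: {_FAIL}",
    f"Oct  3 10:15:07 mail postfix/smtps/smtpd[67835]: warning: unknown[192.0.2.10]: {_FAIL}",
    "Oct  3 10:15:09 mail postfix/submission/smtpd[67840]: warning: "
    "host.example[198.51.100.7]: SASL PLAIN authentication failed: authentication failure",
    f"Oct 13 02:00:11 mail postfix/smtpd[67900]: warning: unknown[2001:db8::1]: {_FAIL}",
    "Oct  3 10:15:10 mail postfix/smtpd[67901]: connect from unknown[192.0.2.10]",
    "Oct  3 10:15:12 mail sshd[700]: Failed password for root from 192.0.2.10 port 4022 ssh2",
]

if __name__ == "__main__":
    for addr, n in offenders(SAMPLE_LOG).items():
        print(f"{addr}: {n} SASL failures")
```

A line whose address is redacted as in the report (`unknown[a.b.c.d]`) is rejected by the `ipaddress` validation rather than counted.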