Not matching Cyrus IMAP on FreeBSD

Create issue
Issue #98 resolved
Daniel O'Connor created an issue

Hi, I have SSHGuard v2.1 on FreeBSD 11 and it isn't matching lines like..

Aug 26 11:44:49 midget imap[96865]: badlogin: [118.144.8.198] plain [SASL(-13): authentication failure: Password verification failed]

I'm not sure why it's different to what is expected (ie badlogin: XYZ [6.6.6.0] XYZ SASL XYZ checkpass failed)

Comments (7)

  1. Daniel O'Connor reporter

    The attached patch works for me but my lex/yacc skills are poor so I have no idea if it's the right approach.

  2. Kevin Zheng
    • changed status to open

    I couldn't reproduce this using v2.1.0 on FreeBSD 11:

    $ uname -v
    FreeBSD 11.2-RELEASE-p3 #0: Thu Sep  6 07:14:16 UTC 2018     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
    
    $ git describe    
    v2.1.0
    
    $ ./sshg-parser      
    Aug 26 11:44:49 midget imap[96865]: badlogin: [118.144.8.198] plain [SASL(-13): authentication failure: Password verification failed]
    220 118.144.8.198 4 10
    

    SSHGuard correctly reports this as detected.

  3. Daniel O'Connor reporter

    Hmm, that is quite odd - I tried the sshguard-2.1.0_1 package on another host and it works too.

    Sorry for the noise.

  4. Log in to comment