I use squirrelmail-1.4.8-21.el5.centos, plugin squirrel_logger-2.3.1-1.2.7, sendmail-8.13.8-10.el5_11, dovecot-1.0.7-9.el5_11.4, php-5.1.6-45.el5_11, httpd-2.2.3-91.el5.centos, fail2ban-0.8.14-1.el5, CentOS 5 with kernel 2.6.18-406.el5. When I try login to squirrelmail with bad user or bad password, I get message: Unknown user or password incorrect. squirrel-plugin write about that to logfile and fail2ban read that bad attempts and do its work (I want to use fail2ban for blocking attacks). New servers: CentOS 6: squirrelmail-1.4.22-4.el6.noarch, plugin squirrel_logger-2.3.1-1.2.7, sendmail-8.14.4-9.el6.x86_64, dovecot-2.0.9-19.el6.1.x86_64, php-5.3.3-46.el6_6.x86_64, httpd-2.2.15-47.el6.centos.x86_64, fail2ban-0.9.2-1.el6.noarch, kernel 2.6.32-504.16.2.el6.x86_64. CentOS 7: squirrelmail-1.4.22-15.el7.noarch, plugin squirrel_logger-2.3.1-1.2.7, postfix-2.10.1-6.el7.x86_64, dovecot-2.2.10-4.el7_0.1.x86_64, php-5.4.16-36.el7_1.x86_64, httpd-2.4.6-31.el7.centos.1.x86_64, fail2ban-0.9.2-1.el7.noarch, kernel 3.10.0-229.11.1.el7.x86_64. When I try login to squirrelmail with bad user or bad password, I get another message: ERROR: Connection dropped by IMAP server. squirrel-plugin do nothing. Here are logs: CentOS 5: /var/log/secure Sep 9 09:18:16 pink dovecot-auth: pam_krb5[30187]: error resolving user name 'pokusak' to uid/gid pair Sep 9 09:18:16 pink dovecot-auth: pam_krb5[30187]: error getting information about 'pokusak' Sep 9 09:18:16 pink dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 9 09:18:16 pink dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:127.0.0.1 Sep 9 09:18:16 pink dovecot-auth: pam_krb5[30187]: error resolving user name 'pokusak' to uid/gid pair Sep 9 09:18:16 pink dovecot-auth: pam_krb5[30187]: error getting information about 'pokusak' Sep 9 09:18:16 pink dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user pokusak /var/log/maillog Sep 9 09:18:19 pink dovecot: imap-login: Aborted login: user=<pokusak>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, TLS CentOS 6: /var/log/secure Sep 9 09:24:22 purple auth: pam_krb5[20083]: error resolving user name 'pokusak' to uid/gid pair Sep 9 09:24:22 purple auth: pam_krb5[20083]: error getting information about 'pokusak' Sep 9 09:24:22 purple auth: pam_unix(dovecot:auth): check pass; user unknown Sep 9 09:24:22 purple auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=pokusak rhost=192.168.140.245 Sep 9 09:24:22 purple auth: pam_succeed_if(dovecot:auth): error retrieving information about user pokusak /var/log/maillog Sep 9 09:24:26 purple dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<pokusak>, method=PLAIN, rip=192.168.140.245, lip=192.168.140.245, TLS I need the same behavior as CentOS 5: Get correct message about Unknown user or password incorrect (or make squirrel-plugin write something to log). I want to use fail2ban for blocking attacks with new servers with CentOS 6 and CentOS 7. I googled a lot but find no answers to my problem. Any help will be appreciated. -- Miroslav Geisselreiter IT administrator ------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
