diff --git a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf index 4b9bf287c0..c028bcdbf0 100644 --- a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf +++ b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf @@ -38,8 +38,13 @@ filter f_replica { not match("User has no mail_replica in userdb" value("MESSAGE")); not match("Error: sync: Unknown user in remote" value("MESSAGE")); }; +filter f_dovecot_auth_try { + not match("- trying the next passdb" value("MESSAGE")) and + not match("- trying the next userdb" value("MESSAGE")); +}; log { source(s_dgram); + filter(f_dovecot_auth_try); filter(f_replica); destination(d_stdout); filter(f_mail); diff --git a/data/Dockerfiles/dovecot/syslog-ng.conf b/data/Dockerfiles/dovecot/syslog-ng.conf index c79eb92eec..1918f4a23d 100644 --- a/data/Dockerfiles/dovecot/syslog-ng.conf +++ b/data/Dockerfiles/dovecot/syslog-ng.conf @@ -38,8 +38,13 @@ filter f_replica { not match("User has no mail_replica in userdb" value("MESSAGE")); not match("Error: sync: Unknown user in remote" value("MESSAGE")); }; +filter f_dovecot_auth_try { + not match("- trying the next passdb" value("MESSAGE")) and + not match("- trying the next userdb" value("MESSAGE")); +}; log { source(s_dgram); + filter(f_dovecot_auth_try); filter(f_replica); destination(d_stdout); filter(f_mail); diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py index 36304bf0c9..01878c04f2 100644 --- a/data/Dockerfiles/netfilter/main.py +++ b/data/Dockerfiles/netfilter/main.py @@ -85,11 +85,9 @@ def refreshF2bregex(): f2bregex[3] = r'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+' f2bregex[4] = r'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+' f2bregex[5] = r'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+' - f2bregex[6] = r'-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),' - f2bregex[7] = r'-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+' - f2bregex[8] = r'-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+' - f2bregex[9] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked' - f2bregex[10] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+' + f2bregex[6] = r'auth: \w+\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)' + f2bregex[7] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked' + f2bregex[8] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+' r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False)) else: try: diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf index c230c34950..52c258fc1b 100644 --- a/data/conf/dovecot/dovecot.conf +++ b/data/conf/dovecot/dovecot.conf @@ -278,6 +278,7 @@ imap_max_line_length = 2 M #auth_cache_negative_ttl = 0 #auth_cache_ttl = 30 s #auth_cache_size = 2 M +auth_verbose_passwords = sha1:6 service replicator { process_min_avail = 1 } diff --git a/docker-compose.yml b/docker-compose.yml index 3e413a4f74..df1c5228ee 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -454,7 +454,7 @@ services: - acme netfilter-mailcow: - image: mailcow/netfilter:1.60 + image: mailcow/netfilter:1.61 stop_grace_period: 30s restart: always privileged: true