ConfigServer Community Forum

reference as I come back to this post to help configure the rule, you change the custom_log location in /etc/csf/csf.conf

and for debian the mail file is /var/log/mail.log

to restart csf
su
csf -r (however i think it's lfd you need to restart which i did via webmin)

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ [^\s\.]+ mail auditd\[\d+\]: Audit daemon rotating log files

If I don't post back again, it's because the above has worked.

/var/log/messages:
Oct 3 14:57:01 mail auditd[1882]: Audit daemon rotating log files

ignore rule: ^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ mail auditd\[\d+\]:

Still reporting though?

I was editing /etc/cfs/regex.custom.pm instead of /usr/local/csf/bin/regex.custom.pm..................

fixed now

So something strange happened over the weekend. With all my tests I couldn't ban SASL fails, but then I got this. Sep 8 19:41:17 li622-171 postfix/smtpd[16954]: warning: unknown[89.248.172.122]: SASL LOGIN authentication failed: authentication failure Sep 8 19:43:29 li622-171 postfix/smtpd[16954]: w...

Hi I've read through quite a few posts on this forum and no one else seems to have the issue I'm having. I can't even get csf to register the postfix sasl attacks. Centos 6.3 /etc/csf/regex.custom.pm if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: war...