Some samples:
Nov 29 04:15:43 master courier-imaps: LOGIN FAILED, user=xxxx@xxxx.com, ip=[::ffff:xxx.xxx.xxx.xxx]
Nov 29 06:58:12 master courier-imaps: LOGIN FAILED, user=xxx@xxxx.de, ip=[2001:0:0:5c29:234f:58ff:fe2a:25d5]
#courier-imap (Plesk)
# Failed POP3 login rule. It fires only when POP3 login-failure tracking is
# enabled, the current file is a configured POP3 log, and the line has the
# courier "LOGIN FAILED" shape:
#   <timestamp> <host> [courier-]pop3d|pop3s[-ssl]: LOGIN FAILED, user=<acct>, ip=[<addr>]
# The pattern is anchored at both ends and the user/ip fields are runs of
# non-whitespace, so a login name containing whitespace cannot make a line match
# with a different bracketed address in the ip position.
if (    $config{LF_POP3D}
    and $globlogs{POP3D_LOG}{$lgfile}
    and $line =~ /^(\S+|\S+\s+\d+\s+\S+) \S+ (courier-)?pop3(?:d|s)(-ssl)?: LOGIN FAILED, user=(\S*), ip=\[(\S+)\]\s*$/ )
{
    # Copy the captures before the substitution below can reset them.
    # $4 is the login name as logged (may be empty, since it is \S*); it is
    # presumably whatever the client sent, so treat it as untrusted text.
    my ( $acc, $ip ) = ( $4, $5 );

    # Report IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) as plain IPv4.
    # The match is case-sensitive: only a lowercase "::ffff:" prefix is stripped.
    $ip =~ s/^::ffff://;

    # checkip() is handed a reference to $ip; its checks are not visible here,
    # presumably it validates the address. When it returns false the line is
    # ignored and nothing is reported.
    return unless checkip( \$ip );

    # NOTE(review): $acc can itself contain "|" (\S allows it), so a consumer of
    # "$ip|$acc" should split on the first "|" only -- confirm in the caller.
    return ( "Failed POP3 login from", "$ip|$acc", "pop3d" );
}
# courier-imap (Plesk): failed IMAP login rule. It fires only when IMAP
# login-failure tracking is enabled, the current file is a configured IMAP log,
# and the line has the courier "LOGIN FAILED" shape:
#   <timestamp> <host> [courier-]imapd|imaps[-ssl]: LOGIN FAILED, user=<acct>, ip=[<addr>]
# The pattern is anchored at both ends and the user/ip fields are runs of
# non-whitespace, so a login name containing whitespace cannot make a line match
# with a different bracketed address in the ip position.
if (    $config{LF_IMAPD}
    and $globlogs{IMAPD_LOG}{$lgfile}
    and $line =~ /^(\S+|\S+\s+\d+\s+\S+) \S+ (courier-)?imap(?:d|s)(-ssl)?: LOGIN FAILED, user=(\S*), ip=\[(\S+)\]\s*$/ )
{
    # Copy the captures before the substitution below can reset them.
    # $4 is the login name as logged (may be empty, since it is \S*); it is
    # presumably whatever the client sent, so treat it as untrusted text.
    my ( $acc, $ip ) = ( $4, $5 );

    # Report IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) as plain IPv4; native
    # IPv6 addresses pass through unchanged. The match is case-sensitive: only
    # a lowercase "::ffff:" prefix is stripped.
    $ip =~ s/^::ffff://;

    # checkip() is handed a reference to $ip; its checks are not visible here,
    # presumably it validates the address. When it returns false the line is
    # ignored and nothing is reported.
    return unless checkip( \$ip );

    # NOTE(review): $acc can itself contain "|" (\S allows it), so a consumer of
    # "$ip|$acc" should split on the first "|" only -- confirm in the caller.
    return ( "Failed IMAP login from", "$ip|$acc", "imapd" );
}