different version of squirrelmail - different behavior when log-in with wrong username/password

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

different version of squirrelmail - different behavior when log-in with wrong username/password

Miroslav Geisselreiter
I use squirrelmail-1.4.8-21.el5.centos, plugin
squirrel_logger-2.3.1-1.2.7, sendmail-8.13.8-10.el5_11,
dovecot-1.0.7-9.el5_11.4, php-5.1.6-45.el5_11,
httpd-2.2.3-91.el5.centos, fail2ban-0.8.14-1.el5, CentOS 5 with kernel
2.6.18-406.el5.
When I try login to squirrelmail with bad user or bad password, I get
message: Unknown user or password incorrect. squirrel-plugin write about
that to logfile and fail2ban read that bad attempts and do its work (I
want to use fail2ban for blocking attacks).

New servers:
CentOS 6: squirrelmail-1.4.22-4.el6.noarch, plugin
squirrel_logger-2.3.1-1.2.7, sendmail-8.14.4-9.el6.x86_64,
dovecot-2.0.9-19.el6.1.x86_64, php-5.3.3-46.el6_6.x86_64,
httpd-2.2.15-47.el6.centos.x86_64, fail2ban-0.9.2-1.el6.noarch, kernel
2.6.32-504.16.2.el6.x86_64.
CentOS 7: squirrelmail-1.4.22-15.el7.noarch, plugin
squirrel_logger-2.3.1-1.2.7, postfix-2.10.1-6.el7.x86_64,
dovecot-2.2.10-4.el7_0.1.x86_64, php-5.4.16-36.el7_1.x86_64,
httpd-2.4.6-31.el7.centos.1.x86_64, fail2ban-0.9.2-1.el7.noarch, kernel
3.10.0-229.11.1.el7.x86_64.

When I try login to squirrelmail with bad user or bad password, I get
another message: ERROR: Connection dropped by IMAP server.
squirrel-plugin do nothing.

Here are logs:
CentOS 5:
/var/log/secure
Sep  9 09:18:16 pink dovecot-auth: pam_krb5[30187]: error resolving user
name 'pokusak' to uid/gid pair
Sep  9 09:18:16 pink dovecot-auth: pam_krb5[30187]: error getting
information about 'pokusak'
Sep  9 09:18:16 pink dovecot-auth: pam_unix(dovecot:auth): check pass;
user unknown
Sep  9 09:18:16 pink dovecot-auth: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
rhost=::ffff:127.0.0.1
Sep  9 09:18:16 pink dovecot-auth: pam_krb5[30187]: error resolving user
name 'pokusak' to uid/gid pair
Sep  9 09:18:16 pink dovecot-auth: pam_krb5[30187]: error getting
information about 'pokusak'
Sep  9 09:18:16 pink dovecot-auth: pam_succeed_if(dovecot:auth): error
retrieving information about user pokusak
/var/log/maillog
Sep  9 09:18:19 pink dovecot: imap-login: Aborted login: user=<pokusak>,
method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, TLS

CentOS 6:
/var/log/secure
Sep  9 09:24:22 purple auth: pam_krb5[20083]: error resolving user name
'pokusak' to uid/gid pair
Sep  9 09:24:22 purple auth: pam_krb5[20083]: error getting information
about 'pokusak'
Sep  9 09:24:22 purple auth: pam_unix(dovecot:auth): check pass; user
unknown
Sep  9 09:24:22 purple auth: pam_unix(dovecot:auth): authentication
failure; logname= uid=0 euid=0 tty=dovecot ruser=pokusak
rhost=192.168.140.245
Sep  9 09:24:22 purple auth: pam_succeed_if(dovecot:auth): error
retrieving information about user pokusak
/var/log/maillog
Sep  9 09:24:26 purple dovecot: imap-login: Aborted login (auth failed,
1 attempts): user=<pokusak>, method=PLAIN, rip=192.168.140.245,
lip=192.168.140.245, TLS

I need the same behavior as CentOS 5: Get correct message about Unknown
user or password incorrect (or make squirrel-plugin write something to
log). I want to use fail2ban for blocking attacks with new servers with
CentOS 6 and CentOS 7.

I googled a lot but find no answers to my problem.

Any help will be appreciated.

--
Miroslav Geisselreiter
IT administrator


------------------------------------------------------------------------------
Monitor Your Dynamic Infrastructure at Any Scale With Datadog!
Get real-time metrics from all of your servers, apps and tools
in one place.
SourceForge users - Click here to start your Free Trial of Datadog now!
http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users