I run Kerio mailserver as my main email gateway. I'm trying to parse the log files for failed logins and have them parsed by Blockhosts. I've removed my domain since it's still active, and would rather not get -more- spam. I've also removed a large chunk of standard configuration expressions to save space.
Sample log entry:
[03/Sep/2011 18:42:01] Failed POP3 login from 245.26.9.176, user admin@.
Calculated regex:
"pop3-brute"
r'[\d\d/.../\d\d\d\d \d\d:\d\d:\d\d] Failed POP3 login from {HOST_IP},.*',
When I try and do a dry-run...
blockhosts.py --debug --dry-run
ERROR: Config file Error: invalid line or value found:
ALL_REGEXS = { # NOTE: see ENABLE_RULES definition also, not all rules enabled
"sshd-Invalid":
r'{LOG_PREFIX{sshd}} (Invalid|Illegal) user .* from {HOST_IP}',
. . . v Standard Config Lines ^
"postfix-smtpdNonSMTPCommand":
r'{LOG_PREFIX{postfix/smtpd}} warning: non-SMTP command from .*\[{HOST_IP}]: Subject:',
"pop3-brute"
r'[\d\d/.../\d\d\d\d \d\d:\d\d:\d\d] Failed POP3 login from {HOST_IP},.*',
}
Traceback (most recent call last):
File "/usr/bin/blockhosts.py", line 2101, in <module>
sys.exit(main())
File "/usr/bin/blockhosts.py", line 1957, in main
config.add_section(BlockHostsConfig())
File "/usr/bin/blockhosts.py", line 428, in add_section
self._load_configfile(section.NAME)
File "/usr/bin/blockhosts.py", line 486, in _load_configfile
self._config[key] = eval(allitems[key])
File "<string>", line 43
}
^
SyntaxError: invalid syntax
"postfix-smtpdNonSMTPCommand
Has at least two mistakes:
1) It is not indented by 4 characters - Python requirement to follow indentation of previous line.
2) Missing : and , after pop3-brute line.
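
An added example, not part of the original posts and not BlockHosts' own code: it reproduces the syntax error from the posted entry, then loads a corrected entry and checks it against the sample log line. It goes one step past the answer by also escaping the literal "[" and "]" around the timestamp, which a regex would otherwise read as a character class. The HOST_IP expansion, the match-from-line-start behaviour, and the helper names load_rules and find_host are assumptions made for illustration.

```python
import ast
import re

# Stand-in for BlockHosts' {HOST_IP} macro (assumption; the real expansion may
# differ). Captures a dotted-quad IPv4 address in a group named "host".
HOST_IP = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

# Log line from the post.
SAMPLE = "[03/Sep/2011 18:42:01] Failed POP3 login from 245.26.9.176, user admin@."

# Tail of the dict as posted: no ':' after the key, so Python joins the two
# adjacent string literals into one and the entry is no longer a key/value pair.
POSTED = r'''{
    "postfix-smtpdNonSMTPCommand":
        r'{LOG_PREFIX{postfix/smtpd}} warning: non-SMTP command from .*\[{HOST_IP}]: Subject:',
"pop3-brute"
r'[\d\d/.../\d\d\d\d \d\d:\d\d:\d\d] Failed POP3 login from {HOST_IP},.*',
}'''

# Same entry with ':' after the key, and the literal '[' and ']' around the
# timestamp escaped so they are not read as a character class.
FIXED = r'''{
    "postfix-smtpdNonSMTPCommand":
        r'{LOG_PREFIX{postfix/smtpd}} warning: non-SMTP command from .*\[{HOST_IP}]: Subject:',
    "pop3-brute":
        r'\[\d\d/.../\d\d\d\d \d\d:\d\d:\d\d\] Failed POP3 login from {HOST_IP},.*',
}'''

def load_rules(text):
    """Parse the dict literal; return None if it is not valid Python syntax."""
    try:
        return ast.literal_eval(text)  # accepts literals only, unlike eval()
    except SyntaxError:
        return None

def find_host(pattern, line):
    """Expand {HOST_IP}, match from the start of the line, return the IP or None."""
    m = re.match(pattern.replace('{HOST_IP}', HOST_IP), line)
    return m.group('host') if m else None

if __name__ == "__main__":
    print("posted entry loads:", load_rules(POSTED) is not None)
    print("host from fixed rule:", find_host(load_rules(FIXED)["pop3-brute"], SAMPLE))
```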