Clean up

lib/dovecot_parser.pm

@@ -56,8 +56,11 @@ sub parser {
 			m/(((Info: |)conn unix:auth-worker \(uid=([0-9]{1,9})\): auth-worker<([0-9]{1,9}>: pam\(([a-zA-Z0-9@._-]*),($re_host),<($re_uid)>\): unknown user)))/gi && do {
 				$host	= $7; 
 			};
-	} elsif($string =~ m/ imap-login: (Info: |)Disconnected/) {
-		if($string =~ m/Connection closed/) {
+	} elsif($string =~ m/ imap-login: (Info: |)(Disconnected|Authenticate PLAIN failed)/) {
+		if($string =~ m/Connection closed \(client didn't send a cert\)/) {
+			$hostile	= 1;
+			$reply		= 'No certificate';
+		} elsif($string =~ m/Connection closed/) {
 			$hostile	= 0;
 			$reply		= 'Disconnecting is legit';
 		} elsif($string =~ m/ TLS handshaking: /) {
@@ -72,6 +75,9 @@ sub parser {
 		} elsif($string =~ m/client didn't finish SASL auth/) {
 			$reply		= 'Timeout waiting for SASL auth';
 			$hostile	= 1;
+		} elsif($string =~ m/client didn't send a cert/) {
+			$reply		= 'No cert from client';
+			$hostile	= 1;
 		} elsif($string =~ m/no auth attempts in/) {
 			if($string =~ m/, secured/) {
 				$reply		= 'Secured Disconnect during auth, either sleeping phone or attack on webmail';
@@ -80,6 +86,9 @@ sub parser {
 				$reply		= 'Non-secure disconnect during auth';
 				$hostile	= 1;
 			}
+		} elsif($string =~ m/Unsupported authentication mechanism/) {
+			$reply		= 'Unsupported auth mechanism';
+			$hostile	= 1;
 		}
 		if($hostile) {
 			$_		= $string;

lib/exim_parser.pm

@@ -161,15 +161,8 @@ sub parser {
 				$host	= $2;
 			};
 	} elsif($string =~ m/SSL_write: /) {
-		unless($string =~ m/syscall: Broken pipe/) { #If we get a broken pipe, it's most likely because we blocked the ip earlier, and this is just the pipe timing out
-			$_		= $string;
-			$reply		= 'SSL error';
-			$hostile	= 1;
-			PARSE:
-				m/(\ \[$re_host\]\))/gcix && do {
-					$host	= $2;
-				};
-		}
+		$_		= $string;
+		$reply		= 'SSL write error'; #Most, if not all of these, are because we have blocked the ip
 	} elsif($string =~ m/TLS ALPN/) {
 		if($string =~ m/rejected$/) {
 			$reply	= 'TLS ALPN rejected'

lib/ssh.pm

@@ -20,13 +20,12 @@ sub fetch {
 	my $retmsg;
 	my @toreturn;
 	unless($seq) {
-		my $seqsth	= $self->{'dbh'}->prepare("SELECT seq FROM logs WHERE program = 'sshd' ORDER BY seq DESC LIMIT 1") or $retmsg = DBI::errstr;
-		$seqsth->execute or $retmsg = DBI::errstr unless($retmsg);
-		$seq            = $seqsth->fetchrow_arrayref->[0] or $retmsg = DBI::errstr unless($retmsg);
+		my $seqsth	= $self->{'dbh'}->prepare("SELECT seq FROM logs WHERE program = 'sshd' ORDER BY seq DESC LIMIT 1") or return { retval => 0, retmsg => DBI::errstr, error => 1 };
+		$seqsth->execute or return { retval => 0, retmsg => DBI::errstr, error => 1};
+		$seq            = $seqsth->fetchrow_arrayref->[0] or return { retval => 0, retmsg => DBI::errstr, error => 1};
 	}
-	return { retval => 0, retmsg => $retmsg, error => 1 } if($retmsg);
-	my $sth = $self->{'dbh'}->prepare("SELECT msg,seq FROM logs WHERE program = 'sshd' AND seq > $seq") or $retmsg = DBI::errstr unless($retmsg);
-	$sth->execute or $retmsg = DBI::errstr unless($retmsg);
+	my $sth = $self->{'dbh'}->prepare("SELECT msg,seq FROM logs WHERE program = 'sshd' AND seq > $seq") or return { retval => 1, retmsg => DBI::errstr, error => 1 };
+	$sth->execute or return { retval => 0, retmsg => DBI::errstr, error => 1};
 	while(my $ref = $sth->fetchrow_hashref) {
 		my $string      = $$ref{'msg'};
 		$seq            = $$ref{'seq'};