blob: d79bdc4d0b914df9aea0382d04522848e5462528 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
--- /dev/null 2012-11-27 18:33:00.000000000 +0100
+++ config/filter.d/bsd-sendmail.conf 2012-11-27 18:32:47.000000000 +0100
@@ -0,0 +1,35 @@
+# Fail2Ban configuration file
+#
+# Source: http://www.the-art-of-web.com/system/fail2ban-sendmail
+# Contributors: Gutza, the SASL regex
+#
+# $Revision$
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# The host must be matched by a group named "host".
+# The tag "<HOST>" can be used for standard IP/hostname matching
+# and is only an alias for (':::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+
+failregex = \[<HOST>\] .*to MTA
+# \[<HOST>\] \(may be forged\)
+ \[<HOST>\], reject.*\.\.\. Relaying denied
+ (User unknown)\n* \[<HOST>\]
+ badlogin: .* \[<HOST>\] plaintext .* SASL
+ \[<HOST>\]: possible SMTP attack:
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matces, the line is ignored.
+# Values: TEXT
+
+ignoreregex =
+
|
