What log file are those messages from? Are they from '/var/log/maillog'?
If so, you might look at /var/log/qmail/smtp/current to see if it offers
anything you can use. On my system, spamdyke lines in that log include:
origin_ip: 1.2.3.4
so if these attacks cause text to be written to
Sam,
Is there a way to get spamdyke to log invalid authorizations in a manner
that fail2ban can use? My host has been hit continuously with
brute-force attacks. Unfortunately, the logs only have:
Jul 22 18:54:43 tardis spamdyke[26727]: [ID 702911 mail.info]
FILTER_AUTH_REQUIRED
Jul 22
Hi Sam,
I just had a chance to have a go with the tests, and just as you expected it
was down to the rDNS of the sender being whitelisted.
I don't know how many times I'd checked, and missed seeing it :)
Unfortunately I can't remember why I whitelisted it :( It belongs to an ESP.
If they
