Dusan, This may be true for some messages of a normal sequence.
I currently have log_level=5 and I cannot directly extract the ip from
the error line, eg 'ESMTP: notice: client broke the connection without a
QUIT ()'.
The ip may be there somewhere else but this is not suitable for fail2ban.
Of course, I can write my own version of fail2ban ...!?
Am 19.01.2017 um 17:04 schrieb Dusan Obradovic:
On Jan 19, 2017, at 16:55, Martin Schmid <[email protected]
<mailto:[email protected]>> wrote:
I accidently didn't reply to the list before, so here's a little summary:
In general, my setup is working flawlessly with amavis as frontend
and xmail as backend server.
Since amavis behaves as a kind of proxy, it also sends the error
status codes from the real SMTP server to the client while connected.
There may be disadvantages exposing amavis but I'm pretty satified so
far.
My goal would be to use fail2ban to automatically lock out ip
adresses that cause some errors such ass dropping sessions without quit.
To accomplish this I would need to find the offending IP in the log.
That's all I'm after.
It seems that there is no option covering this. It seems that I have
to patch the script.
Martin, the option you are looking for is $log_level, you need to
increase amavisd verbosity to log all the information during the SMTP
transaction.
At $log_level = 2, amavisd would log the connected smtp client ip address.
--
Martin Schmid
APS systems AG, Neumatt 4, CH-4626 Niederbuchsiten
Tel direkt: +41 62 389 8891, Fax: +41 62 389 8880, Tel: +41 62 389 8888
www.aps-systems.ch
