On Thursday, July 26, 2012 07:51:39, Peter Velan wrote: > am 25.07.2012 12:30 schrieb Chris Knadle: > > On Wednesday, July 25, 2012 04:44:32, Mihamina Rakotomandimby wrote: > >> If me, I'd filter at IP level, based on some reject log information. > >> That's the job of fail2ban, but I dont know if it parses Exim logs. > > > > By default fail2ban doesn't scan Exim logs, but what logs are scanned is > > customizable; for instance something like the following added to > > fail2ban's jail.conf: > > > > ----------------------- > > > > # > > # Exim4 email MTA > > # > > > > [exim4] > > > > enabled = true > > port = smtp > > filter = exim4 > > logpath = /var/log/exim4/mainlog > > bantime = 28800 > > maxretry = 3 > > I'm using daily mainlogs รก la "mainlog-20120726". What would be an > elegant way to configure fail2ban in this case?
For this I'd probably have logrotate remake a softlink from the daily mainlog file to a standard filename that fail2ban can search through. This might require using a postrotate/endscript. -- Chris -- Chris Knadle [email protected] -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
