am 26.07.2012 17:14 schrieb Chris Knadle: > On Thursday, July 26, 2012 07:51:39, Peter Velan wrote: >> am 25.07.2012 12:30 schrieb Chris Knadle: >> > On Wednesday, July 25, 2012 04:44:32, Mihamina Rakotomandimby wrote: >> >> If me, I'd filter at IP level, based on some reject log information. >> >> That's the job of fail2ban, but I dont know if it parses Exim logs. >> > >> > By default fail2ban doesn't scan Exim logs, but what logs are scanned is >> > customizable; for instance something like the following added to >> > fail2ban's jail.conf: >> > >> > ----------------------- >> > >> > # >> > # Exim4 email MTA >> > # >> > >> > [exim4] >> > >> > enabled = true >> > port = smtp >> > filter = exim4 >> > logpath = /var/log/exim4/mainlog >> > bantime = 28800 >> > maxretry = 3 >> >> I'm using daily mainlogs รก la "mainlog-20120726". What would be an >> elegant way to configure fail2ban in this case? > > For this I'd probably have logrotate remake a softlink from the daily mainlog > file to a standard filename that fail2ban can search through. This might > require using a postrotate/endscript.
Aah good idea, will try it this way. Thanks, Peter -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
