Greets: I've been flipping over my exim4 logs and noticed a pattern. I block on certain addresses where I know spammers have in their mail lists. For example:
2015-06-22 14:09:47 H=(1.2.3.4) [5.6.7.8] F=<[email protected]> rejected RCPT <[email protected]>: You are a spammer. Go away. After a few of those, the spammer script tries a random and madeup address and that gets through I'm trying to setup a fail2ban block using that line from my logs up there. I'm real bad with writing regex statements so I'm asking for help. I;m looking at this "tutorial" here: http://info.comodo.priv.at/oldblog/articles/exim_fail2ban/ using my example line, what would you put for the address and failregex lines? Thank you for your time, -drmike ------------------------------------------------------------------------------ Monitor 25 network devices or servers for free with OpManager! OpManager is web-based network management software that monitors network devices and physical & virtual servers, alerts via email & sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
