Sorry Bill - here are my answers:

fail2ban version 0.8.13

bantime  = 600
findtime = 600
maxretry = 2


[postfix]
enabled  = true
port     = smtp,ssmtp,submission
filter   = postfix
logpath  = /var/log/mail.log



_daemon = postfix/smtpd
failregex = warning: (.*)\[\]: SASL LOGIN authentication failed: 
authentication failure
                 reject: RCPT from (.*)\[\]: 554 5.1.1
                 reject: RCPT from (.*)\[\]: 450 4.7.1
                 reject: RCPT from (.*)\[\]: 554 5.7.1
ignoreregex =






Am 26.08.2016 um 22:33 schrieb sebast...@debianfan.de:
> Hi,
>
>
> fail2ban is very effective to stop attacs on the shell accounts.
>
> The regex for postfix (mail.log) seems to be ignored.
>
> I want to stop hosts which produces the following entries in my log files:
>
>    Aug 24 22:38:10 debian postfix/smtpd[2123]: NOQUEUE: reject: RCPT from
> onlinemta58.ccbcjc.com[104.223.236.58]: 550 5.1.1<i...@meinedomain.de>:
> Recipient address rejected: User unknown in virtual mailbox table;
> from=<d...@ccbcjc.com>  to=<i...@lkg-nw.de>  proto=ESMTP
> helo=<onlinemta58.ccbcjc.com>
>
> Aug 24 22:40:07 debian postfix/smtpd[2123]: NOQUEUE: reject: RCPT from
> unknown[95.140.39.34]: 450 4.7.1 Client host rejected: cannot find your
> hostname, [95.140.39.34]; from=<alban9e8r5n1fu...@williams-sonona.com>
> to=<i...@meinedomain.de>  proto=ESMTP helo=<peninsula.williams-sonona.com>
>
> My regex seems to be wrong :-(
>
> Any suggestions ?
>
> Thx
>
> Sebastian
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users


------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to