Sorry Bill - here are my answers:
fail2ban version 0.8.13
bantime = 600
findtime = 600
maxretry = 2
[postfix]
enabled = true
port = smtp,ssmtp,submission
filter = postfix
logpath = /var/log/mail.log
_daemon = postfix/smtpd
failregex = warning: (.*)\[\]: SASL LOGIN authentication failed:
authentication failure
reject: RCPT from (.*)\[\]: 554 5.1.1
reject: RCPT from (.*)\[\]: 450 4.7.1
reject: RCPT from (.*)\[\]: 554 5.7.1
ignoreregex =
Am 26.08.2016 um 22:33 schrieb sebast...@debianfan.de:
> Hi,
>
>
> fail2ban is very effective to stop attacs on the shell accounts.
>
> The regex for postfix (mail.log) seems to be ignored.
>
> I want to stop hosts which produces the following entries in my log files:
>
> Aug 24 22:38:10 debian postfix/smtpd[2123]: NOQUEUE: reject: RCPT from
> onlinemta58.ccbcjc.com[104.223.236.58]: 550 5.1.1<i...@meinedomain.de>:
> Recipient address rejected: User unknown in virtual mailbox table;
> from=<d...@ccbcjc.com> to=<i...@lkg-nw.de> proto=ESMTP
> helo=<onlinemta58.ccbcjc.com>
>
> Aug 24 22:40:07 debian postfix/smtpd[2123]: NOQUEUE: reject: RCPT from
> unknown[95.140.39.34]: 450 4.7.1 Client host rejected: cannot find your
> hostname, [95.140.39.34]; from=<alban9e8r5n1fu...@williams-sonona.com>
> to=<i...@meinedomain.de> proto=ESMTP helo=<peninsula.williams-sonona.com>
>
> My regex seems to be wrong :-(
>
> Any suggestions ?
>
> Thx
>
> Sebastian
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
