On Mon, 4 May 2020, Doug Preston via Fail2ban-users wrote:

Date: Mon, 4 May 2020 23:24:07
From: Doug Preston via Fail2ban-users <fail2ban-users@lists.sourceforge.net>
Reply-To: Doug Preston <dlpres...@dlld.com>
To: fail2ban-users@lists.sourceforge.net
Subject: [Fail2ban-users] need help with filterd/postfix.conf

I am tired of the spam

I need to add a line to ban a word in the machine name in my filter.d/postfix.conf

Log entry
May  4 08:20:37 mail postfix/smtpd[9592]: connect from mail-a.webstudioseventyeight.com[170.130.69.8]

I am trying this
mdpr-normal =^connect from ([a-z-0-9]*\.webstudio[A-Z-0-9]*\w+\.com)[<HOST>]


Hello Doug,

        I am no expert in Fail2Ban, and have not used it with Postfix, but until somebody with better information joins in, perhaps I might be able to nudge you towards your goal.

        As I have hinted, I could be wrong, but ...

 - the caret "^" indicates the start of a line.  There is a date and time before the "connect from", so perhaps there should be no caret.

 - the range "[a-z]" is not the same as the range "[A-Z]", so perhaps the second instance should be in lower case, like the first, but perhaps it would be better to use "[[:alnum:]-]" to catch upper-case and lower-case letters, and digits, and the hyphen.

 - I do not know that the "\w+" is necessary.

        Taken together, that would give an expression like:-

mdpr-normal = connect from ([[:alnum:]-]+\.webstudio[[:alnum:]-]+\.com)[<HOST>]

        I hope that this helps until better advice is provided.

        Good luck,
--
Graham
"Hanging on in quiet desperation is the English way" - Pink Floyd

<a href="http://english-1329209197.spampoison.com";>Get free spam bait here.</a>


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
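The two patterns from this thread, plus one constructed variant, checked with Python's `re` module (the regex engine fail2ban uses). This is an added example, not part of the original messages and not fail2ban's own code. It assumes an IPv4-only stand-in for `<HOST>` and searches the raw log line without modelling fail2ban's date or prefix handling; `HOST_GROUP`, the second log line and the `escaped` pattern are constructed here.

```python
import re
import warnings

# Constructed input: the log line quoted in the thread plus an unrelated host.
LOG_LINES = [
    "May  4 08:20:37 mail postfix/smtpd[9592]: connect from "
    "mail-a.webstudioseventyeight.com[170.130.69.8]",
    "May  4 08:21:02 mail postfix/smtpd[9601]: connect from "
    "mx1.example.org[192.0.2.25]",
]

# Assumption: IPv4-only stand-in for what fail2ban substitutes for <HOST>.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

CANDIDATES = {
    # As first tried in the thread.
    "tried": r"^connect from ([a-z-0-9]*\.webstudio[A-Z-0-9]*\w+\.com)[<HOST>]",
    # As suggested in the reply.
    "suggested": r"connect from ([[:alnum:]-]+\.webstudio[[:alnum:]-]+\.com)[<HOST>]",
    # Constructed variant: explicit ranges, literal brackets escaped.
    "escaped": r"connect from [A-Za-z0-9-]+\.webstudio[A-Za-z0-9-]+\.com\[<HOST>\]$",
}


def compile_candidate(pattern):
    """Expand <HOST> and compile with Python's re module."""
    with warnings.catch_warnings():
        # Python warns that "[[" looks like a nested set; it is not one.
        warnings.simplefilter("ignore")
        return re.compile(pattern.replace("<HOST>", HOST_GROUP))


def has_host_group(pattern):
    """True if the compiled pattern really contains the host capture group."""
    return "host" in compile_candidate(pattern).groupindex


def captured_hosts(pattern, lines=LOG_LINES):
    """Addresses the pattern would capture from these lines."""
    rx = compile_candidate(pattern)
    hits = (rx.search(line) for line in lines)
    return [m.group("host") for m in hits if m and "host" in rx.groupindex]


if __name__ == "__main__":
    for name, pattern in CANDIDATES.items():
        print(name, has_host_group(pattern), captured_hosts(pattern))
```

Python's `re` has no POSIX bracket classes such as `[[:alnum:]]`, and an unescaped `[<HOST>]` is parsed as a character class, so the host group never exists in the first two patterns. Only the variant with `\[<HOST>\]` captures the address from the sample line.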
