* mabi <[email protected]> le [17-06-2017 05:57:19 -0400]: > Hi there, > > Does anyone have a fail2ban filter for OpenSMTPD? > > I would like to block the many many AUTH LOGIN attempts as you can see here > from the logs: > > Jun 17 11:55:49 gw smtpd[594]: 7eeebcc95623efe1 smtp event=failed-command > command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported" > Jun 17 11:55:52 gw smtpd[594]: 7eeebcc95623efe1 smtp event=closed > reason="io-error: Connection reset by peer" >
Hi,
I use a hand-made tool [1] that check logs (like fail2ban does).
The relevant regex for smtpd is :
.* event=failed-command address=([\S]+) .*
[1] : https://framagit.org/Thuban/vilain
--
:thuban
signature.asc
Description: PGP signature
