Hi Nicolas,

Thank you very much for your OpenSMTPD Fail2Ban filter. I just tried it out and it actually detects the IP address out of the log file as you can see here:

2017-08-23 17:30:13,089 fail2ban.filter [298]: INFO [opensmtpd] Found 1XX.2XX.5X.1XX

but somehow does not manage to add this IP address to be blocked by iptables. Maybe my jail.conf entry for that filter is wrong, I currently added the following entry:

[opensmtpd]
enabled = yes
port = smtp
logpath = /var/log/mail.log

Any ideas? I am running Debian 9 as OS.

Regards,
Mabi

> -------- Original Message --------
> Subject: Re: Fail2Ban filter for OpenSMTPD
> Local Time: August 23, 2017 4:33 PM
> UTC Time: August 23, 2017 2:33 PM
> From: [email protected]
> To: [email protected]
>
> Hi
>
> I know some people were searching for fail2ban filters for opensmtpd.
>
> I had the same need, and I've created my own simple filter, I share it here
> if it can help.
>
> # Fail2Ban filter for opensmtpd
> # Author: Nicolas Repentin
> #
>
> [INCLUDES]
>
> # Read common prefixes. If any customizations available -- read them from
> # common.local
> before = common.conf
>
> [Definition]
>
> failregex = ^.*smtp event=connected address=<HOST>.*\n.*smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported
>
> ignoreregex =
>
> [Init]
> maxlines = 2
>
> It only works actually for this example:
>
> #Aug 23 10:48:54 myserver smtpd[17412]: abc813f0c6789766 smtp event=connected address=177.135.X.X host=hidden.host.com
> #Aug 23 10:48:55 myserver smtpd[17412]: abc813f0c6789766 smtp event=failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
>
> Nicolas
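
The two-line failregex quoted above, checked against sample log lines. This is an added example, not part of the original thread and not Fail2Ban's own code. It assumes a simplified IPv4-only stand-in for `<HOST>`, a sliding window in place of Fail2Ban's `maxlines` buffer, and constructed log lines; `find_hosts` and the other names are hypothetical.

```python
import re

# failregex from the filter quoted in the thread, joined onto one line.
FAILREGEX = (
    r'^.*smtp event=connected address=<HOST>.*\n.*smtp event=failed-command '
    r'command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported'
)

# Assumption: simplified IPv4-only stand-in for Fail2Ban's <HOST> tag.
HOST_RE = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
COMPILED = re.compile(FAILREGEX.replace('<HOST>', HOST_RE), re.MULTILINE)


def find_hosts(lines, maxlines=2):
    """Slide a maxlines-wide window over the log and collect matched hosts.

    Simplified emulation of a multi-line filter with maxlines = 2; it is not
    Fail2Ban's own buffering code.
    """
    hosts = []
    for i in range(len(lines)):
        window = "\n".join(lines[max(0, i - maxlines + 1):i + 1])
        match = COMPILED.search(window)
        if match:
            hosts.append(match.group('host'))
    return hosts


# Constructed log lines (documentation addresses, made-up session ids).
A_CONNECT = ('Aug 23 10:48:54 myserver smtpd[17412]: aaaa000000000001 smtp '
             'event=connected address=203.0.113.7 host=a.example')
A_FAILED = ('Aug 23 10:48:55 myserver smtpd[17412]: aaaa000000000001 smtp '
            'event=failed-command command="AUTH LOGIN" '
            'result="503 5.5.1 Invalid command: Command not supported"')
B_CONNECT = ('Aug 23 10:48:55 myserver smtpd[17412]: bbbb000000000002 smtp '
             'event=connected address=198.51.100.9 host=b.example')

if __name__ == '__main__':
    # Adjacent lines of one session: the right address is found.
    print(find_hosts([A_CONNECT, A_FAILED]))             # ['203.0.113.7']
    # Session B connects in between: the regex never compares session ids,
    # so B's address is paired with A's failed command.
    print(find_hosts([A_CONNECT, B_CONNECT, A_FAILED]))  # ['198.51.100.9']
```

Fail2Ban's `fail2ban-regex` tool runs the same kind of check against the real filter file and log.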

