On Fri, 6 Sep 2019 at 16:31, Phil Stracchino <ph...@caerllewys.net> wrote:
> On 8/10/19 2:17 AM, Dominic Raferd wrote:
> > I have a fail2ban ban - quite active - based on this:
> >
> > failregex = ^%(__prefix_line)sdisconnect from \S+\[<HOST>\] (ehlo|helo)=\d+ .*auth=0/\d
> >
> > See also http://www.postfix.org/announcements/postfix-3.0.0.html.
> > (I whitelist a few ips that are our own, or known to run auth tests).
>
>
> Since you mention fail2ban, I've recently installed fail2ban on my mail
> server with the intention of setting it up to detect brute-force login
> attempts on the SMTP port and *remotely tell my firewall* to block the
> offending IPs. But studying the fail2ban documentation I've so far
> found, I cannot for the life of me figure out how to do this, though I
> am assured by others that it is perfectly possible and should be
> straightforward to do.
>
> Can anyone by chance point me to any documentation that explains how to
> do this?
>

For the general approach, see (for instance) the custom action section at https://darrynvt.wordpress.com/tag/custom-fail2ban-actions/
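
An added example, not part of the original thread: the failregex quoted above applied to constructed Postfix 3.x disconnect lines, to show which clients it counts and which it skips. PREFIX and HOST are simplified stand-ins for fail2ban's %(__prefix_line)s and <HOST>; the IGNORE set and maxretry=2 are assumed values.

```python
import re
from collections import Counter

# Simplified stand-ins (assumptions) for fail2ban's %(__prefix_line)s and <HOST>.
PREFIX = r"(?:\S+ )?postfix(?:/\w+)*\[\d+\]:\s+"
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"
FAILREGEX = re.compile(
    r"^" + PREFIX + r"disconnect from \S+\[" + HOST + r"\] (ehlo|helo)=\d+ .*auth=0/\d"
)
# fail2ban strips the timestamp before applying failregex; mimic that for syslog lines.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")

# Own or trusted test addresses, as in the whitelist the post mentions (constructed).
IGNORE = {"192.0.2.10"}

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
Sep  6 16:30:01 mail postfix/smtpd[2101]: disconnect from unknown[203.0.113.5] ehlo=1 auth=0/1 quit=1 commands=2/3
Sep  6 16:30:07 mail postfix/smtpd[2101]: disconnect from unknown[203.0.113.5] ehlo=2 starttls=1 auth=0/3 commands=3/6
Sep  6 16:30:09 mail postfix/smtpd[2102]: disconnect from client.example[198.51.100.7] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Sep  6 16:30:12 mail postfix/smtpd[2103]: disconnect from mx.example[198.51.100.9] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep  6 16:30:15 mail postfix/smtpd[2104]: disconnect from tester.example[192.0.2.10] ehlo=1 auth=0/1 quit=1 commands=2/3
Sep  6 16:30:20 mail postfix/smtpd[2105]: disconnect from unknown[203.0.113.77] auth=0/1 commands=0/1
"""


def failures(log, ignore=IGNORE):
    """Count matching lines per client address, skipping ignored addresses."""
    hits = Counter()
    for line in log.splitlines():
        m = FAILREGEX.search(TIMESTAMP.sub("", line))
        if m and m.group("host") not in ignore:
            hits[m.group("host")] += 1
    return hits


def to_ban(log, maxretry=2):
    """Addresses whose match count reaches maxretry (assumed threshold)."""
    return sorted(h for h, n in failures(log).items() if n >= maxretry)


if __name__ == "__main__":
    print(dict(failures(SAMPLE_LOG)), to_ban(SAMPLE_LOG))
```

Sessions with a successful AUTH (auth=1) or no AUTH at all are not counted, and neither is the last line, because the pattern requires an ehlo= or helo= counter before auth=0/N.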