On 08/06/2023 11:30, David Matthews wrote:
The tool evaluates the log file, right?
yes
Your problem would be to write a regex that matches the lines in the log file
that you don't want to see. That has to be doable, but may well be painful :-)
I have fail2ban watch every service my machines offer - web, mail exchanger,
name server - except ssh access, which it's usually used for. I deal with ssh
by only allowing it from a small number of ipv4 addresses.
I got lucky with exim4 as the supplied regex picks up all the stuff I don't
want and recently that seems to have become pretty important. For apache2 (with
modsecurity) and the nameserver, I had to produce a regex myself - ouch. But
once you have that it's the bee's knees. You can block these bad guys for as
long as you like.
David Matthews
To chip in. It should be possible to configure logback to output only log entries for failing
connections (e.g. for org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest) and with
a simplified entry (e.g. only the error message), which should make writing the regexp simpler.
Wojtek
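
An added example, not part of either message and not James or fail2ban code: a small checker that applies a fail2ban-style `failregex` to a simplified "timestamp message" log and reports which hosts would reach `maxretry` inside `findtime`. The log lines and the message wording are constructed assumptions; take the real text from your own James log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed simplified layout: "timestamp message".
# The message wording is hypothetical, not taken from James.
SAMPLE_LOG = """\
2023-06-08 11:30:01 AUTH method LOGIN failed from 203.0.113.7
2023-06-08 11:30:05 AUTH method LOGIN failed from 203.0.113.7
2023-06-08 11:30:09 Connection established from 198.51.100.20
2023-06-08 11:30:12 AUTH method PLAIN failed from 203.0.113.7
2023-06-08 11:31:00 AUTH method LOGIN failed from 198.51.100.20
2023-06-08 11:50:00 AUTH method LOGIN failed from 198.51.100.20
"""

# Candidate filter line written the way fail2ban expects it, with the <HOST> tag.
FAILREGEX = r"AUTH method \S+ failed from <HOST>$"

def compile_failregex(failregex):
    """Expand <HOST> to a named IPv4 group (simplified: fail2ban also accepts IPv6 and hostnames)."""
    return re.compile(failregex.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

def hosts_to_ban(log_text, failregex, maxretry=3, findtime=600):
    """Return hosts with at least maxretry matching lines inside a findtime-second window."""
    pattern = compile_failregex(failregex)
    recent = defaultdict(deque)  # host -> timestamps of recent failures
    banned = set()
    for line in log_text.splitlines():
        stamp, message = line[:19], line[20:]
        match = pattern.search(message)
        if not match:
            continue  # lines that are not failures never count towards a ban
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        hits = recent[match.group("host")]
        hits.append(when)
        # Forget failures that have fallen out of the findtime window.
        while when - hits[0] > timedelta(seconds=findtime):
            hits.popleft()
        if len(hits) >= maxretry:
            banned.add(match.group("host"))
    return banned

if __name__ == "__main__":
    print(sorted(hosts_to_ban(SAMPLE_LOG, FAILREGEX)))
```

Once the regex behaves on sample lines, `fail2ban-regex <logfile> <filter>` runs the same check against the real log with fail2ban's own matcher.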