fail2ban/config/filter.d/exim-spam.conf

# Fail2Ban filter for exim the spam rejection messages
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# exim-common.local
before = exim-common.conf

[Definition]

failregex =  ^%(pid)s \S+ F=(<>|\S+@\S+) %(host_info)srejected by local_scan\(\): .{0,256}$
             ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: .*dnsbl.*\s*$
             ^%(pid)s \S+ %(host_info)sF=(<>|[^@]+@\S+) rejected after DATA: This message contains a virus \(\S+\)\.\s*$

ignoreregex = 

# DEV Notes:
# The %(host_info) defination contains a <HOST> match
#
# Author: Cyril Jaquier
#         Daniel Black (rewrote with strong regexs)
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Fail2Ban filter for exim the spam rejection messages`
ENH: split out exim-spam into speparate filter 2013-07-02 10:03:16 +00:00			`#`

			`[INCLUDES]`

			`# Read common prefixes. If any customizations available -- read them from`
			`# exim-common.local`
			`before = exim-common.conf`

			`[Definition]`

			`failregex = ^%(pid)s \S+ F=(<>\|\S+@\S+) %(host_info)srejected by local_scan\(\): .{0,256}$`
			`^%(pid)s %(host_info)sF=(<>\|[^@]+@\S+) rejected RCPT [^@]+@\S+: .dnsbl.\s*$`
			`^%(pid)s \S+ %(host_info)sF=(<>\|[^@]+@\S+) rejected after DATA: This message contains a virus \(\S+\)\.\s*$`

			`ignoreregex =`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00
			`# DEV Notes:`
			`# The %(host_info) defination contains a <HOST> match`
			`#`
			`# Author: Cyril Jaquier`
			`# Daniel Black (rewrote with strong regexs)`