fail2ban/config/filter.d/sendmail-auth.conf

# Fail2Ban filter for sendmail authentication failures
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = (?:sendmail|sm-(?:mta|acceptingconnections))

failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$

ignoreregex =

[Init]

journalmatch = _SYSTEMD_UNIT=sendmail.service

# DEV Notes:
#
# Author: Daniel Black
ENH: add filter for sendmail-{auth,spam}. Closes gh-20 2014-02-26 08:16:49 +00:00			`# Fail2Ban filter for sendmail authentication failures`
			`#`

			`[INCLUDES]`

			`before = common.conf`

			`[Definition]`

filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632) 2018-01-10 13:48:25 +00:00			`_daemon = (?:sendmail\|sm-(?:mta\|acceptingconnections))`
ENH: add filter for sendmail-{auth,spam}. Closes gh-20 2014-02-26 08:16:49 +00:00
			`failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$`

			`ignoreregex =`

Add sendmail journalmatch options 2016-10-03 22:26:11 +00:00			`[Init]`

			`journalmatch = _SYSTEMD_UNIT=sendmail.service`

ENH: add filter for sendmail-{auth,spam}. Closes gh-20 2014-02-26 08:16:49 +00:00			`# DEV Notes:`
			`#`
			`# Author: Daniel Black`