2013-04-28 08:44:31 +00:00
|
|
|
# Fail2Ban configuration file
|
|
|
|
# for Anti-Spam SMTP Proxy Server also known as ASSP
|
|
|
|
# Honmepage: http://www.magicvillage.de/~Fritz_Borgstedt/assp/0003D91C-8000001C/
|
|
|
|
# ProjektSite: http://sourceforge.net/projects/assp/?source=directory
|
|
|
|
#
|
|
|
|
# Author: Enrico Labedzki (enrico.labedzki@deiwos.de)
|
|
|
|
#
|
|
|
|
|
|
|
|
[Definition]
|
|
|
|
|
|
|
|
# Option: failregex
|
|
|
|
# Notes.: regex to match the SMTP failure messages in the logfile. The
|
|
|
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
|
|
|
# be used for standard IP/hostname matching and is only an alias for
|
|
|
|
# (?:::f{4,6}:)?(?P<host>\S+)
|
|
|
|
# Values: TEXT
|
|
|
|
#
|
|
|
|
# Examples: Apr-27-13 02:33:09 Blocking 217.194.197.97 - too much AUTH errors (41);
|
|
|
|
# Dec-29-12 17:10:31 [SSL-out] 200.247.87.82 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
|
|
|
|
# Dec-30-12 04:01:47 [SSL-out] 81.82.232.66 max sender authentication errors (5) exceeded
|
2013-06-14 02:27:35 +00:00
|
|
|
__assp_actions = (?:dropping|refusing)
|
2013-04-28 08:44:31 +00:00
|
|
|
|
2013-06-14 02:35:44 +00:00
|
|
|
failregex = ^(:? \[SSL-out\])? <HOST> max sender authentication errors \(\d{,3}\) exceeded -- %(__assp_actions)s connection - after reply: \d{3} \d{1}\.\d{1}.\d{1} Error: authentication failed: \w+;$
|
2013-06-14 02:27:35 +00:00
|
|
|
^(?: \[SSL-out\])? <HOST> SSL negotiation with client failed: SSL accept attempt failed with unknown error.*:unknown protocol;$
|
2013-06-13 22:55:25 +00:00
|
|
|
^ Blocking <HOST> - too much AUTH errors \(\d{,3}\);$
|
2013-04-28 08:44:31 +00:00
|
|
|
|
|
|
|
|
|
|
|
# Option: ignoreregex
|
|
|
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
|
|
|
# Values: TEXT
|
|
|
|
#
|
|
|
|
ignoreregex =
|
|
|
|
|