fail2ban/config/filter.d/sendmail-auth.conf

19 lines
330 B
Plaintext
Raw Normal View History

# Fail2Ban filter for sendmail authentication failures
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = (?:sm-(mta|acceptingconnections))
failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$
ignoreregex =
# DEV Notes:
#
# Author: Daniel Black