mirror of https://github.com/fail2ban/fail2ban
33 lines
1.3 KiB
Plaintext
33 lines
1.3 KiB
Plaintext
![]() |
# Fail2Ban filter for sendmail spam/relay type failures
|
||
|
#
|
||
|
# Some of the below failregex will only work properly, when the following
|
||
|
# options are set in the .mc file (see your Sendmail documentation on how
|
||
|
# to modify it and generate the corresponding .cf file):
|
||
|
#
|
||
|
# FEATURE(`delay_checks')
|
||
|
# FEATURE(`greet_pause', `500')
|
||
|
# FEATURE(`ratecontrol', `nodelay', `terminate')
|
||
|
# FEATURE(`conncontrol', `nodelay', `terminate')
|
||
|
#
|
||
|
# ratecontrol and conncontrol also need corresponding options ClientRate:
|
||
|
# and ClientConn: in the access file, see documentation for ratecontrol and
|
||
|
# conncontrol in the sendmail/cf/README file.
|
||
|
|
||
|
[INCLUDES]
|
||
|
|
||
|
before = common.conf
|
||
|
|
||
|
[Definition]
|
||
|
|
||
|
_daemon = (?:sm-(mta|acceptingconnections))
|
||
|
|
||
![]() |
failregex = ^%(__prefix_line)s\w{14}: ruleset=check_rcpt, arg1=(?P<email><\S+@\S+>), relay=(\S+ )?\[<HOST>\]( \(may be forged\))?, reject=(550 5\.7\.1 (?P=email)\.\.\. Relaying denied\. (IP name possibly forged \[(\d+\.){3}\d+\]|Proper authentication required\.)|553 5\.1\.8 (?P=email)\.\.\. Domain of sender address \S+ does not exist|550 5\.7\.1 (?P=email)\.\.\. Rejected: .*)$
|
||
![]() |
^%(__prefix_line)sruleset=check_relay, arg1=(?P<dom>\S+), arg2=<HOST>, relay=(?P=dom) \[(\d+\.){3}\d+\]( \(may be forged\))?, reject=421 4\.3\.2 Connection rate limit exceeded\.$
|
||
|
|
||
|
|
||
|
ignoreregex =
|
||
|
|
||
|
# DEV Notes:
|
||
|
#
|
||
|
# Author: Daniel Black and Fabian Wenk
|