fail2ban/config/filter.d/exim-spam.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#         Daniel Black (rewrote with strong regexs)
#


[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# exim-common.local
before = exim-common.conf


[Definition]

# Option:  failregex
# Notes.:  This includes the spam rejection messages of exim.
#          Note the %(host_info) defination contains a <HOST> match

failregex =  ^%(pid)s \S+ F=(<>|\S+@\S+) %(host_info)srejected by local_scan\(\): .{0,256}$
             ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: .*dnsbl.*\s*$
             ^%(pid)s \S+ %(host_info)sF=(<>|[^@]+@\S+) rejected after DATA: This message contains a virus \(\S+\)\.\s*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
ENH: split out exim-spam into speparate filter 12 years ago			`# Fail2Ban configuration file`
			`#`
			`# Author: Cyril Jaquier`
			`# Daniel Black (rewrote with strong regexs)`
			`#`


			`[INCLUDES]`

			`# Read common prefixes. If any customizations available -- read them from`
			`# exim-common.local`
			`before = exim-common.conf`


			`[Definition]`

			`# Option: failregex`
			`# Notes.: This includes the spam rejection messages of exim.`
			`# Note the %(host_info) defination contains a <HOST> match`

			`failregex = ^%(pid)s \S+ F=(<>\|\S+@\S+) %(host_info)srejected by local_scan\(\): .{0,256}$`
			`^%(pid)s %(host_info)sF=(<>\|[^@]+@\S+) rejected RCPT [^@]+@\S+: .dnsbl.\s*$`
			`^%(pid)s \S+ %(host_info)sF=(<>\|[^@]+@\S+) rejected after DATA: This message contains a virus \(\S+\)\.\s*$`

			`# Option: ignoreregex`
			`# Notes.: regex to ignore. If this regex matches, the line is ignored.`
			`# Values: TEXT`
			`#`
			`ignoreregex =`