# Fail2Ban filter for sendmail authentication failures
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = (?:sm-(mta|acceptingconnections))

failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$

ignoreregex =

# DEV Notes:
#
# Author: Daniel Black