mirror of https://github.com/fail2ban/fail2ban
34 lines
1.6 KiB
Plaintext
34 lines
1.6 KiB
Plaintext
# Fail2Ban configuration file
|
|
#
|
|
# Author: Cyril Jaquier
|
|
# Daniel Black (rewrote with strong regexs)
|
|
#
|
|
|
|
[Definition]
|
|
|
|
# Option: failregex
|
|
# Notes.: regex to match the password failures messages in the logfile. The
|
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
|
# be used for standard IP/hostname matching and is only an alias for
|
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
|
# Values: TEXT
|
|
#
|
|
|
|
# From exim source code: ./src/receive.c:add_host_info_for_log
|
|
host_info = H=([\w.-]+ )?(\(\S+\) )?\[<HOST>\](:\d+)? (?:I=\[\S+\]:\d+ )?(?:U=\S+ )?(P=e?smtp )?
|
|
pid = ( \[\d+\])?
|
|
|
|
failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: Unrouteable address\s*$
|
|
^%(pid)s \S+ F=(?:<>|\S+@\S+) %(host_info)s(?:temporarily )?rejected by local_scan\(\): .{0,256}$
|
|
^%(pid)s login authenticator failed for (\S+ )?\(\S+\) \[<HOST>\]: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
|
|
^%(pid)s %(host_info)sF=(?:<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (rejected found in dnsbl \S+|relay not permitted)\s*$
|
|
^%(pid)s \S+ %(host_info)sF=(?:<>|[^@]+@\S+) rejected after DATA: This message contains a virus \(\S+\)\.\s*$
|
|
^%(pid)s SMTP protocol synchronization error \(.*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
|
|
^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\]:\d+ )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
|
|
|
|
# Option: ignoreregex
|
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
|
# Values: TEXT
|
|
#
|
|
ignoreregex =
|