fail2ban/config/filter.d/sendmail-auth.conf

23 lines
396 B
Plaintext

# Fail2Ban filter for sendmail authentication failures
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = (?:sendmail|sm-(?:mta|acceptingconnections))
failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$
ignoreregex =
[Init]
journalmatch = _SYSTEMD_UNIT=sendmail.service
# DEV Notes:
#
# Author: Daniel Black