mirror of https://github.com/fail2ban/fail2ban
21 lines
402 B
Plaintext
21 lines
402 B
Plaintext
# Fail2Ban filter for sendmail authentication failures
|
|
#
|
|
|
|
[INCLUDES]
|
|
|
|
before = common.conf
|
|
|
|
[Definition]
|
|
|
|
_daemon = (?:sendmail|sm-(?:mta|acceptingconnections))
|
|
|
|
failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[(?:IPv6:<IP6>|<IP4>)\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$
|
|
|
|
ignoreregex =
|
|
|
|
journalmatch = _SYSTEMD_UNIT=sendmail.service
|
|
|
|
# DEV Notes:
|
|
#
|
|
# Author: Daniel Black
|