Hi to all,
@Olaf Hopp I've this filter enabled for fail2ban, my question is: could my filters overlap or interfere with those suggested by you?
this is my filter:
Contents of /etc/fail2ban/jail.conf:
[postfix] # Ban for 10 minutes if it fails 6 times within 10 minutes enabled = true port = smtp,ssmtp filter = postfix logpath = /var/log/mail.log maxretry = 6 bantime = 600 findtime = 600
Contents of /etc/fail2ban/filter.d/postfix.conf:
# Fail2Ban configuration file # Author: Cyril Jaquier # $Revision$
[Definition]
# Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT #
# Jul 11 02:35:08 mail postfix/smtpd[16299]: lost connection after AUTH from unknown[196.12.178.73]
failregex = lost connection after AUTH from unknown\[<HOST>\]
# Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex =
Many thanks!