| 192 |
- |
1 |
# Fail2ban filter for kerio
|
|
|
2 |
|
|
|
3 |
[Definition]
|
|
|
4 |
|
|
|
5 |
failregex = ^ SMTP Spam attack detected from <HOST>,
|
|
|
6 |
^ IP address <HOST> found in DNS blacklist
|
|
|
7 |
^ Relay attempt from IP address <HOST>
|
|
|
8 |
^ Attempt to deliver to unknown recipient \S+, from \S+, IP address <HOST>$
|
|
|
9 |
^ Failed SMTP login from <HOST>
|
|
|
10 |
^ SMTP: User \S+ doesn't exist. Attempt from IP address <HOST>
|
|
|
11 |
^ Client with IP address <HOST> has no reverse DNS entry, connection rejected before SMTP greeting$
|
|
|
12 |
^ Administration login into Web Administration from <HOST> failed: IP address not allowed$
|
|
|
13 |
^ Message from IP address <HOST>, sender \S+ rejected: sender domain does not exist$
|
|
|
14 |
|
|
|
15 |
ignoreregex =
|
|
|
16 |
|
|
|
17 |
datepattern = ^\[%%d/%%b/%%Y %%H:%%M:%%S\]
|
|
|
18 |
|
|
|
19 |
# DEV NOTES:
|
|
|
20 |
#
|
|
|
21 |
# Author: A.P. Lawrence
|
|
|
22 |
# Updated by: M. Bischoff <https://github.com/herrbischoff>
|
|
|
23 |
#
|
|
|
24 |
# Based off: http://aplawrence.com/Kerio/fail2ban.html
|