# Fail2ban filter for kerio

[Definition]

failregex = ^ SMTP Spam attack detected from <HOST>,
            ^ IP address <HOST> found in DNS blacklist
            ^ Relay attempt from IP address <HOST>
            ^ Attempt to deliver to unknown recipient \S+, from \S+, IP address <HOST>$
            ^ Failed SMTP login from <HOST>
            ^ SMTP: User \S+ doesn't exist. Attempt from IP address <HOST>
            ^ Client with IP address <HOST> has no reverse DNS entry, connection rejected before SMTP greeting$
            ^ Administration login into Web Administration from <HOST> failed: IP address not allowed$
            ^ Message from IP address <HOST>, sender \S+ rejected: sender domain does not exist$

ignoreregex =

datepattern = ^\[%%d/%%b/%%Y %%H:%%M:%%S\]

# DEV NOTES:
# 
# Author: A.P. Lawrence
# Updated by: M. Bischoff <https://github.com/herrbischoff>
#
# Based off: http://aplawrence.com/Kerio/fail2ban.html