23 lines
522 B
Plaintext
23 lines
522 B
Plaintext
# Fail2Ban filter for sendmail authentication failures
|
|
#
|
|
|
|
[INCLUDES]
|
|
|
|
before = common.conf
|
|
|
|
[Definition]
|
|
|
|
_daemon = (?:sendmail|sm-(?:mta|acceptingconnections))
|
|
__prefix_line = %(known/__prefix_line)s(?:\w{14,20}: )?
|
|
|
|
# "w{14,20}" will give support for IDs from 14 up to 20 characters long
|
|
failregex = ^%(__prefix_line)s(\S+ )?\[(?:IPv6:<IP6>|<IP4>)\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$
|
|
|
|
ignoreregex =
|
|
|
|
journalmatch = _SYSTEMD_UNIT=sendmail.service
|
|
|
|
# DEV Notes:
|
|
#
|
|
# Author: Daniel Black
|