Am Donnerstag, dem 30.05.2024 um 20:37 -0400 schrieb Alex:
>
> Ideally, I'd like to not have to modify that regexp and be able to
> add my own, much like what appears to be happening with mdre-errors.
You don't have to. Append your own rules in a new line and test your
changed rule file with
fail2ban-regex /log/file postfix
and it should reply with text output like
| 13) [3] warning: non-SMTP command from .*\[<HOST>\]
| 14) [16] PREGREET [0-9]+ after [0-9]\.[0-9]{1,2} from \[<HOST>\]
| 15) [10] BARE NEWLINE from \[<HOST>\]
| 18) [5] lost connection after STARTTLS from .*\[<HOST>\]
| 20) [19] NON-SMTP COMMAND from \[<HOST>\]
| 21) [431] warning: hostname .* does not resolve to address <HOST>
| 24) [71] RCPT from unknown\[<HOST>\]: 450 4\.7\.25 Client host
rejected: cannot find your hostname
meaning that my rule no. 24 was found 71 times in my log file.
If it throws errors in your regex, it will let you know in some or
other way ;-)
(One thing i never fixed was this: After editing my filter file,
previously working regexes started failing, e. g. they didn't match
any more - despite being unmodified.)
Cheers,
tim
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
