My bad, I had maxretry set to 5 and lowered it for testing. Your filter works perfectly, thumbs up for this contribution!!
> -------- Original Message -------- > Subject: Re: Fail2Ban filter for OpenSMTPD > Local Time: August 23, 2017 5:31 PM > UTC Time: August 23, 2017 3:31 PM > From: m...@protonmail.ch > To: Nicolas <nico...@shivaserv.fr> > misc@openbsd.org <misc@openbsd.org> > > Hi Nicolas, > > Thank you very much for your OpenSMTPD Fail2Ban filter. I just tried it out > and it actually detects the IP address out of the log file as you can see > here: > > 2017-08-23 17:30:13,089 fail2ban.filter [298]: INFO [opensmtpd] > Found 1XX.2XX.5X.1XX > > but somehow does not manage add this IP address to be blocked by iptables. > Maybe my jail.conf entry for that filter is wrong, I currently added the > following entry: > > [opensmtpd] > enabled = yes > port = smtp > logpath = /var/log/mail.log > > Any ideas? I am running Debian 9 as OS. > > Regards, > Mabi > >> -------- Original Message -------- >> Subject: Re: Fail2Ban filter for OpenSMTPD >> Local Time: August 23, 2017 4:33 PM >> UTC Time: August 23, 2017 2:33 PM >> From: nico...@shivaserv.fr >> To: misc@openbsd.org >> >> Hi >> >> I know some people was searching for fail2ban filters for opensmtpd. >> >> I had the same need, and I"ve created my own simple filter, I share it here >> if it can help. >> >> # Fail2Ban filter for opensmtpd >> # Author: Nicolas Repentin >> # >> >> [INCLUDES] >> >> # Read common prefixes. If any customizations available -- read them from >> # common.local >> before = common.conf >> >> [Definition] >> >> failregex = ^.*smtp event=connected address=<HOST>.*\n.*smtp >> event=failed-command command="AUTH >> LOGIN" result="503 5.5.1 Invalid command: Command not supported >> >> ignoreregex = >> >> [Init] >> maxlines = 2 >> >> It only work actually for this example: >> >> #Aug 23 10:48:54 myserver smtpd[17412]: abc813f0c6789766 smtp >> event=connected address=177.135.X.X >> host=hidden.host.com >> #Aug 23 10:48:55 myserver smtpd[17412]: abc813f0c6789766 smtp >> event=failed-command command="AUTH >> LOGIN" result="503 5.5.1 Invalid command: Command not supported" >> >> Nicolas
