Here are a couple more jails + filters. Be aware that email can wrap
things. The first failregex is three lines, the second one is one line
(the lines end in "\b")
--
Fred Morris, internet plumber
--
::::::::::::::
jail.d/pf-connect.local
::::::::::::::
[pf-connect]
enabled = true
findtime = 4h
maxretry = 3
logpath = /var/log/mail.flame
::::::::::::::
jail.d/pf-recipients.local
::::::::::::::
[pf-recipients]
enabled = true
findtime = 4h
maxretry = 15
logpath = /var/log/mail.flame
m3047@flame:/etc/fail2ban> more filter.d/pf*
::::::::::::::
filter.d/pf-connect.local
::::::::::::::
[Definition]
failregex = disconnect from .*?\[<HOST>\].* auth=0/\b
disconnect from .*?\[<HOST>\].* unknown=0/.* commands=0/\b
NOQUEUE: reject: RCPT from unknown\[<HOST>\]:.*\b
::::::::::::::
filter.d/pf-recipients.local
::::::::::::::
[Definition]
failregex = RCPT from .*?\[<HOST>\]: 550 .*User unknown in local recipient
table\b
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
