My question is very similar to Richard Laysell's question:

On 4/7/2014 8:42 AM, Richard Laysell wrote:
>
> Hello all,
>
> What is the best way of dealing with pests like this?
>
> Apr  7 12:52:40 polyphemus postfix/smtpd[24765]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr  7 12:52:41 polyphemus postfix/smtpd[9398]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr  7 12:52:42 polyphemus postfix/smtpd[11788]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr  7 12:52:42 polyphemus postfix/smtpd[1519]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr  7 12:52:42 polyphemus postfix/smtpd[25494]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr  7 12:52:42 polyphemus postfix/smtpd[8085]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr  7 12:52:43 polyphemus postfix/smtpd[17639]: lost connection after
> AUTH from unknown[78.188.45.153]
> Apr  7 12:52:43 polyphemus postfix/smtpd[20617]: lost connection after
> AUTH from unknown[78.188.45.153]

I have similar log entries and would like to use fail2ban to block offenders.

If I enable the options for 'notify_classes' then I'll get a Postmaster email which contains the server response to the client:

503 5.5.1 Error: authentication not enabled

Can I enable logging that message for the client, or maybe just the '503 5.5.1' portion of it?

Thanks.
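
Added example, not part of the original post and not fail2ban's own code: the per-address counting that fail2ban's `maxretry` and `findtime` settings describe, run over constructed log lines in the format quoted above. The regular expression, the function name `offenders`, the thresholds and the assumed year are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the quoted log format; addresses are documentation ranges.
SAMPLE_LOG = """\
Apr  7 12:52:40 mail postfix/smtpd[24765]: lost connection after AUTH from unknown[192.0.2.10]
Apr  7 12:52:41 mail postfix/smtpd[9398]: lost connection after AUTH from unknown[192.0.2.10]
Apr  7 12:52:41 mail postfix/smtpd[9398]: connect from unknown[198.51.100.7]
Apr  7 12:52:42 mail postfix/smtpd[11788]: lost connection after AUTH from unknown[192.0.2.10]
Apr  7 12:52:42 mail postfix/smtpd[1519]: lost connection after AUTH from unknown[198.51.100.7]
Apr  7 12:52:43 mail postfix/smtpd[17639]: lost connection after AUTH from unknown[192.0.2.10]
Apr  7 12:52:43 mail postfix/smtpd[20617]: lost connection after AUTH from unknown[192.0.2.10]
"""

# Anchored at both ends so client-controlled text cannot smuggle in a fake address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+\S+\s+postfix/smtpd\[\d+\]:\s+"
    r"lost connection after AUTH from \S+\[(?P<ip>[0-9A-Fa-f:.]+)\]\s*$"
)

def offenders(log_text, max_retry=5, find_time=60, year=2014):
    """Return addresses with at least max_retry matches inside find_time seconds."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # address -> timestamps still inside the window
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # unrelated smtpd lines are ignored
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # drop hits that fell out of the window
        if len(hits) >= max_retry and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```
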
