On 8/10/19 2:17 AM, Dominic Raferd wrote: > I have a fail2ban ban - quite active - based on this: > > failregex = ^%(__prefix_line)sdisconnect from \S+\[<HOST>\] > (ehlo|helo)=\d+ .*auth=0/\d > > See also http://www.postfix.org/announcements/postfix-3.0.0.html. > (I whitelist a few ips that are our own, or known to run auth tests).
Since you mention fail2ban, I've recently installed fail2ban on my mail server with the intention of setting it up to detect brute-force login attempts on the SMTP port and *remotely tell my firewall* to block the offending IPs. But studying the fail2ban documentation I've so far found, I cannot for the life of me figure out how to do this, though I am assured by others that it is perfectly possible and should be straightforwasrd to do. Can anyone by chance point me to any documentation that explains how to do this? -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958
