hi,
exim4 mainlog sample (server ip obfuscated):
2020-08-18 12:02:48 [13110] 1k844V-0003PS-LP H=(mail-pg1-f181.google.com) [209.85.215.181]:38343 I=[10.0.0.0]:25 Warning: EXIM-SPAMMASSASSIN-EXCESSIVE-FAIL2BAN
my attempt at regex
failregex = ^%(pid)s \S+ %(host_info)sWarning: EXIM-SPAMMASSASSIN
Hello,
I am running Fail2Ban Version 0.9.3 on Ubuntu 16.04.5 LTS (LOL)
In EXIM, I have an ACL write a string into exim's mainlog when an email has
an excessively high spam score.
I want to write a failregex to find the host info of a log line like this:
2021-12-01 16:01:00 [19572] 1msWip-00055g-
Thanks for your reply Nick.
However, I thought the host_info was a shortcut created by F2B,
in the file
/etc/fail2ban/filter.d/exim-common.conf
so my understanding was that F2B would already get the host info using the
regex in that file
and same concept with pid
and all I needed to do was to
oh, ok, I think I understand a little more now.
I was using f2b-regex cmd in console to test it,
but without the host_info alias (as provided by the "before INCLUDE"),
it won't return any matches?
Is it because f2b-regex needs to return a host portion to be considered a
match?
I mean, I can't jus
hello,
running fail2ban version 0.9.3 on ubuntu
it appears the default action script is iptables-multiport
I want to learn how to add a comment when banning an ip, and have that
comment include data / information from the log file f2b is monitoring,
for example, in a log file made by mail / cou