| Current Path : /etc/fail2ban/filter.d/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
| Current File : //etc/fail2ban/filter.d/sendmail-reject.conf |
# Fail2Ban filter for sendmail spam/relay type failures
#
# Some of the below failregex will only work properly, when the following
# options are set in the .mc file (see your Sendmail documentation on how
# to modify it and generate the corresponding .cf file):
#
# FEATURE(`delay_checks')
# FEATURE(`greet_pause', `500')
# FEATURE(`ratecontrol', `nodelay', `terminate')
# FEATURE(`conncontrol', `nodelay', `terminate')
#
# ratecontrol and conncontrol also need corresponding options ClientRate:
# and ClientConn: in the access file, see documentation for ratecontrol and
# conncontrol in the sendmail/cf/README file.
[INCLUDES]
before = common.conf
[Definition]
_daemon = (?:sm-(mta|acceptingconnections))
failregex = ^%(__prefix_line)s\w{14}: ruleset=check_rcpt, arg1=(?P<email><\S+@\S+>), relay=(\S+ )?\[<HOST>\]( \(may be forged\))?, reject=(550 5\.7\.1 (?P=email)\.\.\. Relaying denied\. (IP name possibly forged \[(\d+\.){3}\d+\]|Proper authentication required\.|IP name lookup failed \[(\d+\.){3}\d+\])|553 5\.1\.8 (?P=email)\.\.\. Domain of sender address \S+ does not exist|550 5\.[71]\.1 (?P=email)\.\.\. (Rejected: .*|User unknown))$
^%(__prefix_line)sruleset=check_relay, arg1=(?P<dom>\S+), arg2=<HOST>, relay=((?P=dom) )?\[(\d+\.){3}\d+\]( \(may be forged\))?, reject=421 4\.3\.2 (Connection rate limit exceeded\.|Too many open connections\.)$
^%(__prefix_line)s\w{14}: rejecting commands from (\S+ )?\[<HOST>\] due to pre-greeting traffic after \d+ seconds$
^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\]: ((?i)expn|vrfy) \S+ \[rejected\]$
ignoreregex =
# DEV Notes:
#
# Author: Daniel Black and Fabian Wenk