LINUX.ORG.RU

натройки правил fail2ban для exim

 ,


0

1

jail.local:

  • [exim]
  • filter = exim_auth
  • port = smtp,465,imap,submission
  • maxretry = 2
  • logpath = /var/log/exim/main.log
  • enabled = true
  • backend=polling
  • bantime.increment = true
  • protocol = tcp

Проверка failregex из exim_auth (filter.d):

  • 1) [241] \[<HOST>\]: 535 Incorrect authentication data
  • 2) [177] no host name found for IP address <HOST>
  • 3) [25] rejected because <HOST>
  • 4) [541] rejected HELO from (.*)\[<HOST>\]
  • 5) [119] SMTP command timeout on connection from (.*)\[<HOST>\]
  • 6) [50] TLS error on connection from (.*)\[<HOST>\]
  • 7) [10] \[<HOST>\] dropped: too many unrecognized commands
  • 8) [45] \[<HOST>\] unrecognized command
  • 9) [13] \[<HOST>\] (.*)Unknown user
  • 10) [20] \[<HOST>\] (.*)relay not permitted
  • 11) [13] synchronization error (.*)\[<HOST>\]
  • 12) [12] \[<HOST>\] (.*)rejected after DATA

Ничего не забыл для параноидального режима ?