On 07/01/2018 07:08 AM, James Brown via Assp-test wrote:
Does any have a good fail2ban filter for ASSP?
I have this filter:
/# Fail2Ban filter for Anti-Spam SMTP Proxy Server also known as ASSP/
I had to change the logging format in ASSP to get fail2ban to work,
please modify to your environment,
Doug
Date/Time Format in LogDate /(LogDateFormat)/
Use this option to set the logdate. The default value is 'MMM-DD-YY
hh:mm:ss'. The following (case sensitive !) replacements will be done:
And then my filter is
cat assp_auth_failure.conf
# Fail2Ban configuration file
#
# Author: Viktor Ferenczi (python <at-here> cx <dot-here> hu)
#
[Definition]
# Example: Nov-13-12 02:35:08 [Worker_5] Connected: 89.231.202.192:3500
> 10.0.0.10:587 > 10.0.0.12:25
# Nov-13-12 02:35:11 [Worker_5] 89.231.202.192 info: injected
STARTTLS request to 10.0.0.12
# Nov-13-12 02:35:11 [Worker_5] [TLS-out] 89.231.202.192 info:
authentication - login is used
# Nov-13-12 02:35:13 [Worker_5] [TLS-out] 89.231.202.192
warning: SMTP authentication failed
# Nov-13-12 02:35:13 [Worker_5] [TLS-out] 89.231.202.192 [SMTP
Error] 535 5.7.8 Error: authentication failed: authentication failure
failregex = \[TLS-out\] <HOST> .*?535 5.7.8
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test