That's a really bad idea. ASSP already does that in a sense but is smart about it. Don't reinvent the wheel ;)
> From: MadTh <madan.feedb...@gmail.com> > Reply-To: For Users of ASSP <assp-user@lists.sourceforge.net> > Date: Wed, 26 May 2010 21:48:54 +0200 > To: <assp-user@lists.sourceforge.net> > Subject: [Assp-user] ASSP fail2ban > > Hi, > > In http://www.fail2ban.org/wiki/index.php/ASSP, > > > For following log: > > Example: Nov-14-09 00:14:50 54090-05322 201.244.255.72 < > bad...@gtgwhhrthrth.com> [SMTP Error] 550 5.1.1 User unknown: > your.u...@your-domain.com > > > Assp fail regex is : > failregex = .*? \d{5}-\d{5} <HOST> <.*?> \[SMTP Error\] (.*) > > > > > > > Can you please advise fail regex for log pattern : > > May-12-10 13:16:41 82.249.21.94 user unknown te...@somedomain.com; > > > > where, fail2ban. will be able to get the IP from above log alert message, > and then block it in IPtables. > > > > > Thanks > ------------------------------------------------------------------------------ > > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user