You've gone off-list.
I don't know dovecot. Just pick a dovecot filter, clone it and and
modify it but be consistent with your names so the filter name follows
the jail name. You'll have to modify your filter to suit your needs anyway.
Nick
On 28/02/2019 17:01, Jody Whitesides wrote:
What would the change be for the _daemon in the conf below to work with
dovecot? I’ve been getting a ton of spam from qq and a couple of others as
well, and this would be great to get rid of it. I’m not using postfix though.
Thank you for your time Nick,
Jody
On Feb 28, 2019, at 8:28 AM, Nick Howitt <[email protected]> wrote:
There is no actionunban as it relies on the ipset line timing out using the
built-in ipset mechanism. When banning subnets, you need to be sure you are not
blocking good IP's. My filter is:
/etc/fail2ban/filter.d/postfix-no-ptr.conf
# Fail2Ban filter for postfix lost connections
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix/smtpd
# limited to qq.com e-mails - from q.com and also from
dynamic.163data.com.cn IP addresses
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from
unknown\[<HOST>\]: 450 4.7.1 Client host rejected: cannot find your
reverse hostname.*@qq.com
^%(__prefix_line)swarning: hostname
.*\.dynamic\.163data\.com\.cn does not resolve to address <HOST>:
ignoreregex =
# Author: Nick Howitt
This because I am currently under a spam attack with all mails coming from
[email protected]. Most come from dynamic 163data.com.cn addresses and I assume
that if one is dynamic, a whole /24 subnet will be dynamic. Some also come from
other IP's and if they have no PTR record (a mandatory requirement for a
properly configured mail server), I again assume the whole block is probably
dynamic IP's and therefore should not be sending e-mails and block it.
Regards,
Nick
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
