I REALLY suck at regular expressions, so please bear with me if this is
an easy one for you. My MTA is set up to greylist sites that try brute
force AUTH attacks. That's great, but it also floods my log files when
they keep trying and the MTA keeps rejecting. I copied an example of the
log file entry below. Can someone come up with a filter that I can put
in fail2ban that would block the IP for the default time period?
Thanks!
--- Dan
2020-09-05 00:19:56.010 H=[<HIS IP>] I=[<MY IP>]:587 rejected connection
in "connect" ACL: 45.142.120.74 locally blacklisted for a bruteforce
auth (username+password) cracking attempt
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
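
One way to match the log entry quoted in the post, as an added example that is not part of the original message or of fail2ban's shipped filters. The filter file name, the simplified `<HOST>` expansion and timestamp stripping, and the sample lines (redacted fields filled with documentation addresses) are assumptions.

```python
import re

# Candidate failregex for a hypothetical /etc/fail2ban/filter.d/exim-blacklisted.conf
# ([Definition] section). Anchored at the start so only the H=[...] field,
# which the MTA writes itself, can supply the address to ban.
FAILREGEX = (r'^\s*H=\[<HOST>\](?::\d+)? I=\[\S+\]:\d+ rejected connection in '
             r'"connect" ACL: \S+ locally blacklisted for a bruteforce auth\b')

# Simplified stand-ins for fail2ban internals (assumptions): <HOST> becomes a
# named group, and the leading timestamp is removed before matching.
HOST_GROUP = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]{3,39})'
TIMESTAMP = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?')

def banned_host(line, failregex=FAILREGEX):
    """Return the address the filter would hand to the ban action, or None."""
    rest = TIMESTAMP.sub('', line, count=1)
    match = re.search(failregex.replace('<HOST>', HOST_GROUP), rest)
    return match.group('host') if match else None

# Constructed sample lines; each is a single line in the real log.
SAMPLES = [
    # The entry from the post, with the redacted fields filled in.
    '2020-09-05 00:19:56.010 H=[45.142.120.74] I=[203.0.113.7]:587 rejected '
    'connection in "connect" ACL: 45.142.120.74 locally blacklisted for a '
    'bruteforce auth (username+password) cracking attempt',
    # Same rejection when the MTA also logs the remote port.
    '2020-09-05 00:21:03.442 H=[198.51.100.23]:51544 I=[203.0.113.7]:587 '
    'rejected connection in "connect" ACL: 198.51.100.23 locally blacklisted '
    'for a bruteforce auth (username+password) cracking attempt',
    # Ordinary accepted message: must not produce a ban.
    '2020-09-05 00:22:10.005 1kEabc-0001-AB <= user@example.net '
    'H=[192.0.2.10] I=[203.0.113.7]:587 P=esmtpsa S=1200',
]

def scan(lines):
    """Map every matching line to the address that would be banned."""
    return [host for host in map(banned_host, lines) if host]

if __name__ == '__main__':
    for host in scan(SAMPLES):
        print('would ban', host)
```

On a real system the same regex is checked against the actual log file with `fail2ban-regex` before enabling the jail.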