Hello, I am running Fail2Ban Version 0.9.3 on Ubuntu 16.04.5 LTS (LOL) In EXIM, I have an ACL write a string into exim's mainlog when an email has an excessively high spam score.
I want to write a failregex to find the host info of a log line like this: 2021-12-01 16:01:00 [19572] 1msWip-00055g-03 H=( mta.emails.nationalgridus.com) [13.111.106.205]:42333 I=[10.10.10.0]:25 Warning: EXIMSPAMASSASSINEXCESSIVEFAIL2BAN tI tried this failregex, but testing it does not get any hits failregex = ^%(pid)s \w+ %(host_info)sEXIMSPAMASSASSINEXCESSIVEFAIL2BAN$ Which to me, reads as : find the processid and a single space then any word (for the "H=(mta.emails..." string ) then the host_info and a single space then the text string written by EXIM4's ACL at the end of the line (no space after that in my text editor) I also tried this website to generate a regex https://regex-generator.olafneumann.org/?sampleText=Warning%3A%20EXIMSPAMASSASSINEXCESSIVEFAIL2BAN but I cannot figure it out :( I appreciate any tips, suggestions, corrections, thank you.
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
