On 2023-04-21 12:32, Wayne Sallee via Fail2ban-users wrote: > Looking at my test, you can see that I copied logs into the testing log file, > so that fail2ban would see the new entries. > Hmm. Maybe. I never tried re-using a data log file. Here are a couple of ideas: - change the name of the log file for each test run. - change the regex a little: failregex = postfix.+ RCPT from unknown\[<HOST>\]\: .+(<badbots>) # Apr 16 11:00:07 datepattern = %%b %%d %%H:%%M:%%S
Adding the "RCPT from unknown" portion skips the first []'d number which is not an IP. -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
