That is not true. fail2ban understands tai64n timestamps as used below.

Btw., for fail2ban specific questions, it makes more sense to ask on the 
fail2ban mailing list. :-)

Martin

--
Martin Waschbüsch
IT-Dienstleistungen
Lautensackstr. 16
80687 München

Telefon: +49 89 57005708
Fax: +49 89 57868023
Mobil: +49 170 2189794
serv...@waschbuesch.it
http://www.waschbuesch.it

On 06.05.2011 at 08:58, Finn Buhelt wrote:

> Hi.
> 
> Just out of the head I think it's tricky because fail2ban needs a known 
> timestamp to check against, and I cannot recall fail2ban having this 
> timestamp listed as valid.
> 
> But as said - just out of the head.
> Regards,
> Finn
> 
> 
> 
> On 06-05-2011 08:10, Délsio Cabá wrote:
>> Hi all
>> 
>> I am getting a lot of DDOS on smtp connection logs:
>> 
>> @400000004dc390330ffb50f4 CHKUSER accepted sender: from <r...@mydomain.com::> remote <demagnify:unknown:173.212.197.14> rcpt <> : sender accepted
>> @400000004dc390340c9e201c CHKUSER rejected rcpt: from <r...@mydomain.com::> remote <demagnify:unknown:173.212.197.14> rcpt <m...@zicel.ru> : invalid rcpt MX domain
>> ..
>> @400000004dc3905511aba4bc CHKUSER accepted sender: from <r...@ns.mozdesigners.com::> remote <byte:unknown:173.212.197.14> rcpt <> : sender accepted
>> @400000004dc390562cb394a4 CHKUSER rejected relaying: from <r...@ns.mozdesigners.com::> remote <byte:unknown:173.212.197.14> rcpt <mad...@usc.es> : client not allowed to relay
>> 
>> I need to block this using fail2ban but the regex is quite complex. I have 
>> tried this:
>> "<HOST>\> rcpt \S+ : client not allowed to relay$"
>> 
>> But it doesn't seem to be working as expected:
>> fail2ban-regex /var/log/qmail/smtp/current "<HOST>\> rcpt \S+ : client not allowed to relay"
>> ...
>> Date template hits:
>> 0 hit(s): MONTH Day Hour:Minute:Second
>> 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
>> 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
>> 0 hit(s): Year/Month/Day Hour:Minute:Second
>> 0 hit(s): Day/Month/Year Hour:Minute:Second
>> 0 hit(s): Day/MONTH/Year:Hour:Minute:Second
>> 0 hit(s): Month/Day/Year:Hour:Minute:Second
>> 0 hit(s): Year-Month-Day Hour:Minute:Second
>> 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
>> 0 hit(s): Day-Month-Year Hour:Minute:Second
>> 1184 hit(s): TAI64N
>> 0 hit(s): Epoch
>> 0 hit(s): ISO 8601
>> 0 hit(s): Hour:Minute:Second
>> 0 hit(s): <Month/Day/Year@Hour:Minute:Second>
>> 
>> Any help would be very appreciated
>> Thanks!
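
Added example (not part of the original thread and not fail2ban's own code): a Python sketch that decodes the TAI64N labels in the quoted log lines and compares the expression from the thread with a hypothetical broader one that matches any CHKUSER rejection. The IPv4-only `HOST` stand-in for fail2ban's `<HOST>` tag, the `ANY_REJECT` pattern and the function names are assumptions; the 10-second offset assumes the labels were written by multilog.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Log lines from the thread, re-joined where the e-mail wrapped them.
SAMPLE_LOG = """\
@400000004dc390330ffb50f4 CHKUSER accepted sender: from <r...@mydomain.com::> remote <demagnify:unknown:173.212.197.14> rcpt <> : sender accepted
@400000004dc390340c9e201c CHKUSER rejected rcpt: from <r...@mydomain.com::> remote <demagnify:unknown:173.212.197.14> rcpt <m...@zicel.ru> : invalid rcpt MX domain
@400000004dc3905511aba4bc CHKUSER accepted sender: from <r...@ns.mozdesigners.com::> remote <byte:unknown:173.212.197.14> rcpt <> : sender accepted
@400000004dc390562cb394a4 CHKUSER rejected relaying: from <r...@ns.mozdesigners.com::> remote <byte:unknown:173.212.197.14> rcpt <mad...@usc.es> : client not allowed to relay
""".splitlines()

TAI64N = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8})\s+")
# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The expression from the thread, with <HOST> substituted.
RELAY_ONLY = re.compile(HOST + r"\> rcpt \S+ : client not allowed to relay$")
# Hypothetical broader expression: any CHKUSER rejection, IP taken from
# the last colon-separated field of remote <helo:unknown:ip>.
ANY_REJECT = re.compile(r"^CHKUSER rejected \w+: .* remote <[^>]*:" + HOST + r"> rcpt \S+ : ")


def decode_tai64n(label):
    """Return a UTC datetime for an '@' + 24 hex digit TAI64N label."""
    secs, nanos = int(label[1:17], 16), int(label[17:25], 16)
    # 2**62 marks the epoch; the extra 10 s is the fixed offset libtai adds (assumes multilog).
    unix = secs - 2**62 - 10
    return datetime.fromtimestamp(unix, timezone.utc).replace(microsecond=nanos // 1000)


def failures(lines, pattern):
    """Count matches per host and record when each host last matched."""
    counts, last_seen = Counter(), {}
    for line in lines:
        stamp = TAI64N.match(line)
        if not stamp:
            continue  # no recognizable timestamp: skip the line
        hit = pattern.search(line[stamp.end():])  # match on the text after the timestamp
        if hit:
            counts[hit["host"]] += 1
            last_seen[hit["host"]] = decode_tai64n(line[:25])
    return counts, last_seen


if __name__ == "__main__":
    for name, pattern in (("relay only", RELAY_ONLY), ("any rejection", ANY_REJECT)):
        print(name, failures(SAMPLE_LOG, pattern))
```
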

