Hi David,

I'm afraid fail2ban can't help.

The tool evaluates the log file, right?

The problem is as follows: First, the attacker's IP address is written in one 
line to the log file. A second request could come at almost the same time, and 
its IP address is also written to the log file. Then a non-existent user is 
written to the log file, unfortunately without specifying the IP address.

An assignment to the attacker is no longer possible. I'm afraid the problem can 
only be solved within James himself.

Example:
INFO   | jvm 1    | 2023/06/07 16:49:55 | 07-Jun-2023 16:49:55.869 INFO [smtpserver-io-1] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 - Connection established from 59.2.248.84
INFO   | jvm 1    | 2023/06/07 16:49:55 | 07-Jun-2023 16:49:55.901 INFO [smtpserver-io-1] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 - Connection established from 58.12.250.90
INFO   | jvm 1    | 2023/06/07 16:49:59 | 07-Jun-2023 16:49:59.761 INFO [smtpserver-io-1] org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61 - Rejected message. Unknown user: b...@domaine.de
INFO   | jvm 1    | 2023/06/07 16:49:59 | 07-Jun-2023 16:49:59.761 INFO [smtpserver-io-1] org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 - org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY CONNECTED)


> Günter Paul <g...@guenterpaul.de> wrote on 07.06.2023 17:24 CEST:
> 
>  
> Thanks David. You're probably right, I'll check fail2ban. On the other side: 
> regex is not my friend though.
> 
> BW Günter
> 
> > David Matthews <m...@dmatthews.org.invalid> wrote on 07.06.2023 16:40 CEST:
> > 
> >  
> > >Hello David,
> > >
> > >thanks for your information. Maybe fail2ban is a solution. I would prefer 
> > >to solve the problem with board funds from James.
> > >
> > With fail2ban, once you come up with a working regex, you're solving the 
> > problem at a pre-James level - in effect you would be operating an 
> > automatic and dynamic firewall block.
> > 
> > I think that's a deal more efficient than anything James or any other mail 
> > exchanger can do.
> > 
> > --
> > David Matthews
> > m...@dmatthews.org
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
> > For additional commands, e-mail: server-user-h...@james.apache.org
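
The attribution problem described at the top of this message, as an added example that is not part of the original thread and is not James or fail2ban code: it parses the four log lines from the post and lists which connecting IPs could belong to each "Unknown user" rejection. The function names, the 30-second window and the use of the thread name as a correlation key are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post, one entry per line ("b...@domaine.de" is elided there).
SAMPLE_LOG = """\
INFO   | jvm 1    | 2023/06/07 16:49:55 | 07-Jun-2023 16:49:55.869 INFO [smtpserver-io-1] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 - Connection established from 59.2.248.84
INFO   | jvm 1    | 2023/06/07 16:49:55 | 07-Jun-2023 16:49:55.901 INFO [smtpserver-io-1] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 - Connection established from 58.12.250.90
INFO   | jvm 1    | 2023/06/07 16:49:59 | 07-Jun-2023 16:49:59.761 INFO [smtpserver-io-1] org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61 - Rejected message. Unknown user: b...@domaine.de
INFO   | jvm 1    | 2023/06/07 16:49:59 | 07-Jun-2023 16:49:59.761 INFO [smtpserver-io-1] org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 - org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY CONNECTED)
"""

# Timestamp, thread name and message text of one log entry.
LINE = re.compile(
    r"\| (?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) \w+ "
    r"\[(?P<thread>[^\]]+)\] \S+ - (?P<msg>.*)$")
CONNECT = re.compile(r"^Connection established from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")
REJECT = re.compile(r"^Rejected message\. Unknown user: (?P<rcpt>\S+)$")


def candidates(log_text, window_seconds=30):
    """Return [(recipient, [candidate IPs])] for every unknown-user rejection."""
    recent = []    # (timestamp, thread, ip) of connections seen so far
    results = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        conn = CONNECT.match(m["msg"])
        if conn:
            recent.append((ts, m["thread"], conn["ip"]))
            continue
        rej = REJECT.match(m["msg"])
        if rej:
            # The reject line carries no IP, so the only keys left are thread and time.
            horizon = ts - timedelta(seconds=window_seconds)
            ips = [ip for t, th, ip in recent if th == m["thread"] and t >= horizon]
            results.append((rej["rcpt"], ips))
    return results


def bannable(results):
    """Keep only rejections with exactly one candidate IP; the rest are ambiguous."""
    return [(rcpt, ips[0]) for rcpt, ips in results if len(ips) == 1]


if __name__ == "__main__":
    for rcpt, ips in candidates(SAMPLE_LOG):
        print(rcpt, "->", ips if len(ips) == 1 else f"ambiguous: {ips}")
```

On the sample from the post both connections share the thread `smtpserver-io-1` and fall inside the window, so the rejection has two candidate addresses and nothing can be banned safely.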