[spamdyke-users] Fail2ban integration

Fri, 22 Jul 2016 16:18:25 -0700 

Sam,
Is there a way to get spamdyke to log invalid authorizations in a manner that fail2ban can use? My host has been hit continuously with brute-force attacks. Unfortunately, the logs only have: 


Jul 22 18:54:43 tardis spamdyke[26727]: [ID 702911 mail.info] 
FILTER_AUTH_REQUIRED
Jul 22 18:54:50 tardis spamdyke[26727]: [ID 702911 mail.info] 
ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
username/password, vchkpw uses this to indicate SMTP access is not 
allowed): verizon
Jul 22 18:56:01 tardis spamdyke[26727]: [ID 702911 mail.info] 
ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
operation failed due to an I/O error, Unexpected EOF found
Jul 22 18:57:16 tardis spamdyke[26736]: [ID 702911 mail.info] 
FILTER_AUTH_REQUIRED
Jul 22 18:57:23 tardis spamdyke[26736]: [ID 702911 mail.info] 
ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
username/password, vchkpw uses this to indicate SMTP access is not 
allowed): verizon
Jul 22 18:58:37 tardis spamdyke[26736]: [ID 702911 mail.info] 
ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
operation failed due to an I/O error, Unexpected EOF found
Jul 22 18:59:59 tardis spamdyke[26743]: [ID 702911 mail.info] 
FILTER_AUTH_REQUIRED
Jul 22 19:00:10 tardis spamdyke[26743]: [ID 702911 mail.info] 
ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
username/password, vchkpw uses this to indicate SMTP access is not 
allowed): verizon
Jul 22 19:01:21 tardis spamdyke[26743]: [ID 702911 mail.info] 
ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
operation failed due to an I/O error, Unexpected EOF found
Jul 22 19:02:32 tardis spamdyke[26876]: [ID 702911 mail.info] 
FILTER_AUTH_REQUIRED
Jul 22 19:02:38 tardis spamdyke[26876]: [ID 702911 mail.info] 
ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
username/password, vchkpw uses this to indicate SMTP access is not 
allowed): verizon
Jul 22 19:03:50 tardis spamdyke[26876]: [ID 702911 mail.info] 
ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
operation failed due to an I/O error, Unexpected EOF found
\Jul 22 19:05:11 tardis spamdyke[26891]: [ID 702911 mail.info] 
FILTER_AUTH_REQUIRED
Jul 22 19:05:16 tardis spamdyke[26891]: [ID 702911 mail.info] 
ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
username/password, vchkpw uses this to indicate SMTP access is not 
allowed): verizon



They seem to have a huge list of account names to try and I've got 
thousands of attempts just for today.  Unfortunately, without any IP 
address in the message I can't have fail2ban automatically block these.


Gary


_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users






















					Reply via email to