/etc/fail2ban/jail.conf
#規則:同一行不能有兩個HOST參數
#所以需放置於不同行,不同行
#的規則視為另一次比對
############################
[sasl-iptables] enabled = true filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, [email protected]] logpath = /var/log/maillog maxretry = 3 findtime = 3600 bantime = 3000 ignoreip =
/etc/fail2ban/filter.d/sasl.conf
[Definition]
failregex = : warning: [-._\w]+\[ \]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
to many errors.+\[<HOST>\]
ignoreregex =
Hits: 104