The not-so-strict checks need more provocation to add a ban
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
--- /dev/null
+#
+
+[INCLUDES]
+before = exim-common.conf
+
+[Definition]
+failregex = ^%(pid)s SMTP protocol error in "(?i:AUTH LOGIN)" .* \[<HOST>\] AUTH command used when not advertised$
before = exim-common.conf
[Definition]
-failregex = ^%(pid)s SMTP protocol error in "(?i:AUTH LOGIN)" .* \[<HOST>\] AUTH command used when not advertised$
- ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
+failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user|Unrouteable address|Invalid local part)\s*$
^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
--- /dev/null
+[dsa-exim-strict]
+enabled = true
+filter = dsa-exim-strict
+port = smtp,ssmtp,submission
+logpath = /var/log/exim4/mainlog
+maxretry = 1
+findtime = 3600
+bantime = 10800
filter = dsa-exim
port = smtp,ssmtp,submission
logpath = /var/log/exim4/mainlog
-maxretry = 1
-findtime = 3600
+maxretry = 6
+findtime = 900
bantime = 10800