fail2ban: (strictly) ban hosts that are well over the ratelimit
authorAdam D. Barratt <adam@adam-barratt.org.uk>
Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)
committerAdam D. Barratt <adam@adam-barratt.org.uk>
Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
modules/fail2ban/files/filter/dsa-exim-strict.conf

index 2dcdfb1..02eeb06 100644 (file)
@@ -5,3 +5,4 @@ before = exim-common.conf
 
 [Definition]
 failregex = (?i)^%(pid)s SMTP protocol error in "AUTH LOGIN" %(host_info)sAUTH command used when not advertised$
+            ^%(pid)s %(host_info)sWarning: Sender rate \d{3,}.\d / [^ ]+ \(limit: \d\d?\)