fail2ban: (strictly) ban hosts that are well over the ratelimit

author Adam D. Barratt <adam@adam-barratt.org.uk>

Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)

committer Adam D. Barratt <adam@adam-barratt.org.uk>

Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)
author Adam D. Barratt <adam@adam-barratt.org.uk>
Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)
committer Adam D. Barratt <adam@adam-barratt.org.uk>
Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)
diff --git a/modules/fail2ban/files/filter/dsa-exim-strict.conf b/modules/fail2ban/files/filter/dsa-exim-strict.conf

index 2dcdfb1..02eeb06 100644 (file)
--- a/modules/fail2ban/files/filter/dsa-exim-strict.conf
+++ b/modules/fail2ban/files/filter/dsa-exim-strict.conf
@@ -5,3 +5,4 @@ before = exim-common.conf
  
  [Definition]
  failregex = (?i)^%(pid)s SMTP protocol error in "AUTH LOGIN" %(host_info)sAUTH command used when not advertised$
+            ^%(pid)s %(host_info)sWarning: Sender rate \d{3,}.\d / [^ ]+ \(limit: \d\d?\)
author	Adam D. Barratt <adam@adam-barratt.org.uk>
	Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)
committer	Adam D. Barratt <adam@adam-barratt.org.uk>
	Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)