Package: fail2ban
Version: 0.9.7-1
Severity: wishlist

There are two types of Exim failures which are logged but not currently handled by fail2ban. The first is when a client sends an invalid HELO/EHLO command, and the second is when the client sends commands before the banner is displayed. Both of these are indications of clients looking for open proxies using various protocols, and are not something which should be allowed to continuously connect (if nothing else, it's a waste of bandwidth on bw restricted links).

Here are examples of both.

2017-06-11 16:22:54 rejected HELO from 163.242-136-217.adsl-static.isp.belgacom.be [217.136.242.163]: syntactically invalid argument(s): *.*

2017-06-12 01:54:33 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[211.138.219.67] input="GET / HTTP/1.1\r\n\r\n"

Ideally fail2ban should ban clients who attempt either of these.

-- System Information:
Debian Release: stretch/sid
  APT prefers artful
  APT policy: (500, 'artful')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0-22-generic (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fail2ban depends on:
ii  init-system-helpers  1.47
ii  lsb-base             9.20160110ubuntu5
ii  python3              3.5.3-1

Versions of packages fail2ban recommends:
ii  iptables           1.6.1-1~exp1
ii  python             2.7.13-2
pn  python3-pyinotify  <none>
pn  python3-systemd    <none>
ii  whois              5.2.15

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]             8.1.2-0.20160123cvs-4
pn  monit                         <none>
ii  rsyslog [system-log-daemon]   8.16.0-1ubuntu5

-- no debconf information
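
Added example, not part of the original report and not fail2ban's shipped Exim filter: a Python sketch of anchored patterns for the two log lines quoted above, showing that the offending address is taken only from Exim's own fields and never from the client-supplied input="..." text. The names classify and offenders, the optional "H=hostname [ip]" form, and every sample line other than the two from the report are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Timestamp prefix as seen in the two log lines quoted in the report.
TS = r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
IP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]+)"

# Both patterns are anchored at line start, so text echoed inside
# input="..." (client-controlled) cannot be mistaken for a log prefix.
PATTERNS = {
    "bad_helo": re.compile(
        TS + r"rejected (?:HELO|EHLO) from (?:\S+ )?\[" + IP + r"\]: "
        r"syntactically invalid argument\(s\): "),
    "early_input": re.compile(
        TS + r"SMTP protocol synchronization error "
        r"\(input sent without waiting for greeting\): "
        r"rejected connection from H=(?:\S+ )?\[" + IP + r"\] input="),
}

def classify(line):
    """Return (kind, ip) for a matching line, else None."""
    for kind, pattern in PATTERNS.items():
        m = pattern.match(line)
        if not m:
            continue
        try:  # reject anything that is not a real IPv4/IPv6 address
            return kind, str(ipaddress.ip_address(m.group("host")))
        except ValueError:
            return None
    return None

def offenders(lines, threshold):
    """Addresses seen in at least `threshold` matching lines."""
    hits = Counter(r[1] for r in map(classify, lines) if r)
    return {ip for ip, n in hits.items() if n >= threshold}

SAMPLE = [
    # The two lines from the report:
    r'2017-06-11 16:22:54 rejected HELO from 163.242-136-217.adsl-static.isp.belgacom.be [217.136.242.163]: syntactically invalid argument(s): *.*',
    r'2017-06-12 01:54:33 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[211.138.219.67] input="GET / HTTP/1.1\r\n\r\n"',
    # Constructed: client input that imitates a HELO rejection for another address.
    r'2017-06-12 02:00:00 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[211.138.219.67] input="rejected HELO from x [192.0.2.1]: syntactically invalid argument(s): a\r\n"',
    # Constructed: ordinary delivery line that must not match.
    r'2017-06-12 02:05:00 1dKabc-0001Ab-Cd <= user@example.org H=mail.example.org [198.51.100.7] P=esmtp S=1234',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
    print(offenders(SAMPLE, 2))
```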