Hi, as i can create the following filter example for these brute force postfix / smtpd:
Log Example: mail.warning.log (syslog) 2015 Jun 6 15:58:34 postfix/smtpd[20077]: warning: numeric hostname: 178.72.138.184 | 2015 Jun 6 15:59:06 postfix/smtpd[20077]: warning: numeric hostname: 178.72.138.184 | 2015 Jun 6 15:59:19 postfix/smtpd[20077]: warning: numeric hostname: 178.72.138.184 | 2015 Jun 6 16:29:02 postfix/smtpd[20543]: warning: hostname 14-2-240-152.static.internode.on.net does not resolve to address 14.2.240.152: Name or service not known | 2015 Jun 6 16:29:02 postfix/smtpd[20541]: warning: hostname 14-2-240-152.static.internode.on.net does not resolve to address 14.2.240.152: Name or service not known | 2015 Jun 6 16:29:23 postfix/smtpd[20543]: warning: hostname 14-2-240-152.static.internode.on.net does not resolve to address 14.2.240.152: Name or service not known | 2015 Jun 6 18:34:43 postfix/smtpd[21825]: warning: hostname 203-150-68-51.inter.net.th does not resolve to address 203.150.68.51: Name or service not known | 2015 Jun 7 00:26:44 postfix/smtpd[25369]: warning: hostname 14-2-240-152.static.internode.on.net does not resolve to address 14.2.240.152: Name or service not known | 2015 Jun 7 03:18:39 postfix/smtpd[27129]: warning: hostname hn.kd.ny.adsl does not resolve to address 182.118.53.86: Name or service not known | 2015 Jun 7 03:18:39 postfix/smtpd[27129]: warning: non-SMTP command from unknown[182.118.53.86]: GET / HTTP/1.0 | 2015 Jun 7 06:43:12 postfix/smtpd[29248]: warning: hostname 203-150-68-51.inter.net.th does not resolve to address 203.150.68.51: Name or service not known | 2015 Jun 7 06:43:12 postfix/smtpd[29246]: warning: hostname 203-150-68-51.inter.net.th does not resolve to address 203.150.68.51: Name or service not known | 2015 Jun 7 08:41:20 postfix/smtpd[30813]: warning: hostname 14-2-240-152.static.internode.on.net does not resolve to address 14.2.240.152: Name or service not known | 2015 Jun 7 17:10:35 postfix/smtpd[3635]: warning: hostname 14-2-240-152.static.internode.on.net does not resolve to address 14.2.240.152: Name or service not known | 2015 Jun 7 17:10:39 postfix/smtpd[3635]: warning: hostname 14-2-240-152.static.internode.on.net does not resolve to address 14.2.240.152: Name or service not known | 2015 Jun 7 19:02:25 postfix/smtpd[10450]: warning: hostname azteca-comunicaciones.com does not resolve to address 191.102.73.51 | 2015 Jun 7 19:15:15 postfix/smtpd[10825]: warning: hostname 203-150-68-51.inter.net.th does not resolve to address 203.150.68.51: Name or service not known 2015 Jun 3 23:41:22 postfix/smtpd[10381]: lost connection after UNKNOWN from unknown[49.48.140.5] 2015 Jun 3 23:41:22 postfix/smtpd[10381]: disconnect from unknown[49.48.140.5] 2015 Jun 3 23:41:22 postfix/smtpd[10379]: connect from unknown[49.48.140.5] Thanks for your help in advance, -- *Wilmer Arambula. *
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
