I think I got a working filter. I found this: http://www.arghwebworks.com/2008/06/08/fail2ban-and-spammers/
and am giving it a try. Thanks anyway. -drmike On Mon, Jun 22, 2015 at 2:45 PM, Dr. Mike Wendell <[email protected]> wrote: > Greets: > > I've been flipping over my exim4 logs and noticed a pattern. I block > on certain addresses where I know spammers have in their mail lists. > For example: > > 2015-06-22 14:09:47 H=(1.2.3.4) [5.6.7.8] F=<[email protected]> > rejected RCPT <[email protected]>: You are a spammer. Go away. > > After a few of those, the spammer script tries a random and madeup > address and that gets through > > I'm trying to setup a fail2ban block using that line from my logs up > there. I'm real bad with writing regex statements so I'm asking for > help. > > I;m looking at this "tutorial" here: > > http://info.comodo.priv.at/oldblog/articles/exim_fail2ban/ > > using my example line, what would you put for the address and failregex lines? > > Thank you for your time, > -drmike ------------------------------------------------------------------------------ Monitor 25 network devices or servers for free with OpManager! OpManager is web-based network management software that monitors network devices and physical & virtual servers, alerts via email & sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
