Hello, this is my first attempt at writing my own regex. I'm not a programmer, so I of course don't understand what I'm doing wrong, but I'm hoping that my log example and regex below will allow someone to point me in the right direction.
My goal is to iptables block SMTP servers that send me viruses and SMTP servers that trip the blacklist of MailScanner. So far, I have this:
[root@centos64 ~]# cat /etc/fail2ban/filter.d/postfix.conf
[Definition]
failregex = reject: Infected message .* came from <HOST>
            reject: Message .* from <HOST> (.*) to .* is spam (blacklisted)
So far fail2ban seems to be running error free, but looking back 7 days through the maillog should have already found tons of hits, but so far I have nothing in my iptables, so my first impression is that my regex isn't correct. Can someone look this over and give me a recommendation?
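Added example, not part of the original post: fail2ban filters are Python regular expressions, so the two patterns above can be checked offline with Python's re module, comparing them as posted against a variant with the parentheses around "blacklisted" escaped. The log lines are constructed to follow the wording of the patterns (the poster's log excerpt is not on the page), and HOST is a simplified stand-in for fail2ban's <HOST> expansion.

```python
import re

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 address or hostname).
HOST = r"(?P<host>[\w\-.]+)"

# The two patterns from the post, one per line.
AS_POSTED = r"""reject: Infected message .* came from <HOST>
reject: Message .* from <HOST> (.*) to .* is spam (blacklisted)"""

# Same patterns, with the literal parentheses around "blacklisted" escaped.
ESCAPED = AS_POSTED.replace("(blacklisted)", r"\(blacklisted\)")

# Constructed log lines, shaped after the patterns above; not real MailScanner output.
SAMPLE_LOG = [
    "Jan 10 03:14:07 centos64 MailScanner[2211]: reject: Infected message "
    "A1B2C3 came from 192.0.2.10",
    "Jan 10 03:15:42 centos64 MailScanner[2211]: reject: Message D4E5F6 from "
    "198.51.100.7 (spammer@example.net) to example.org is spam (blacklisted)",
    "Jan 10 03:16:00 centos64 MailScanner[2211]: Message 0A0B0C from "
    "203.0.113.5 (user@example.com) to example.org is clean",
]

def compile_failregex(value):
    """Compile one pattern per non-empty line, substituting the <HOST> tag."""
    return [re.compile(line.strip().replace("<HOST>", HOST))
            for line in value.splitlines() if line.strip()]

def banned_hosts(patterns, log_lines):
    """Return the captured host for every log line matched by any pattern."""
    hosts = []
    for line in log_lines:
        for pattern in patterns:
            match = pattern.search(line)
            if match:
                hosts.append(match.group("host"))
                break
    return hosts

if __name__ == "__main__":
    # Unescaped "(blacklisted)" is a capture group: it expects the text
    # "is spam blacklisted", so the line containing real parentheses is missed.
    print("as posted:", banned_hosts(compile_failregex(AS_POSTED), SAMPLE_LOG))
    print("escaped:  ", banned_hosts(compile_failregex(ESCAPED), SAMPLE_LOG))
```

On a host with fail2ban installed, the fail2ban-regex tool runs a filter file against a real log file in the same way.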