Hello, this is my first attempt at writing my own regex. I'm not a programmer, so I of course don't understand what I'm doing wrong, but I'm hoping that my log example and regex below will allow someone to point me in the right direction.
 
My goal is to iptables-block SMTP servers that send me viruses and SMTP servers that trip the blacklist of MailScanner. So far, I have this:
 
[root@centos64 ~]# cat /etc/fail2ban/filter.d/postfix.conf
[Definition]
failregex =  reject: Infected message .* came from <HOST>
                   reject: Message .* from <HOST> (.*) to .* is spam (blacklisted)
 
ignoreregex =
 
[root@centos64 ~]# cat /etc/fail2ban/jail.conf
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime  = 30
findtime  = 608400
maxretry = 1
backend = auto
usedns = warn
 
[postfix]
enabled  = true
filter   = postfix
action   = iptables[name=POSTFIX, port=smtp, protocol=tcp]
logpath  = /var/log/maillog

 
The log for these items would look like this:
 
Jul 18 13:15:59 centos64 MailScanner[29234]: Infected message 2063A2580.A4155 came from 76.175.6.177
 
or
 
Jul 18 15:42:03 centos64 MailScanner[1629]: Message BB346257B.A5072 from 173.232.44.38 (premiumgarciniacambogia@choostie.me) to mydomain.com is spam (blacklisted)
 
So far fail2ban seems to be running error-free, but looking back 7 days through the maillog should have already found tons of hits, but so far I have nothing in my iptables, so my first impression is that my regex isn't correct. Can someone look this over and give me a recommendation?
 
Many thanks,
jonathan
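
An added example, not part of the original post: a Python check that runs the posted failregex lines and a candidate rewrite against the two quoted log lines. The `HOST` pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and the candidate patterns and the `hosts_matched` helper are assumptions made for illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real substitution also accepts hostnames and IPv6).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two log lines quoted in the post.
LOG_LINES = [
    "Jul 18 13:15:59 centos64 MailScanner[29234]: Infected message "
    "2063A2580.A4155 came from 76.175.6.177",
    "Jul 18 15:42:03 centos64 MailScanner[1629]: Message BB346257B.A5072 "
    "from 173.232.44.38 (premiumgarciniacambogia@choostie.me) to "
    "mydomain.com is spam (blacklisted)",
]

# The failregex lines exactly as posted.
POSTED = [
    r"reject: Infected message .* came from <HOST>",
    r"reject: Message .* from <HOST> (.*) to .* is spam (blacklisted)",
]

# Candidate rewrite (assumption, not tested against a live fail2ban):
# drop the "reject: " text that the log lines do not contain, escape the
# literal parentheses, and anchor on the MailScanner process tag and the
# end of line so text inside the sender address is not taken for the host.
CANDIDATE = [
    r"MailScanner\[\d+\]: Infected message \S+ came from <HOST>$",
    r"MailScanner\[\d+\]: Message \S+ from <HOST> \(.*\) to \S+ is spam \(blacklisted\)$",
]


def hosts_matched(failregexes, lines):
    """Return the host captured for each line, or None where nothing matches."""
    compiled = [re.compile(rx.replace("<HOST>", HOST)) for rx in failregexes]
    found = []
    for line in lines:
        hit = next((m for m in (c.search(line) for c in compiled) if m), None)
        found.append(hit.group("host") if hit else None)
    return found


if __name__ == "__main__":
    print("posted:   ", hosts_matched(POSTED, LOG_LINES))
    print("candidate:", hosts_matched(CANDIDATE, LOG_LINES))
```

fail2ban ships a `fail2ban-regex` tool that performs the same kind of check against the real log file and filter file.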