From: Marat K. <mk...@rq...> - 2018-05-17 07:31:54
16.05.2018 21:09, Jody Whitesides wrote:
> Actually there would be a few other attempts in between line 2 and 6
> there. Thus, I’d like to create a filter that can figure out the hex
> thing before the 'mta event' as that is what ties the first part’s
> attempt to the fact that it’s failing. Then I’d like to ban that host,
> both the IPv4 and IPv6 ones that are doing whatever it is they’re
> attempting to do.

You can use multiline regular expressions for the hex part. Here's one example of how it is done (__machine, __pid1 and __pid2 all match among the lines):

https://github.com/qm2k/burp_integration/blob/master/etc/fail2ban/filter.d/burp-auth.conf

I'd also check your IPv6 connectivity (including ICMPv6) to the client; these timeouts are more likely caused by MTU problems than malicious intent.

--
With Best Regards,
Marat Khalili
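The correlation suggested above, sketched in Python (the regex dialect fail2ban filters are written in) as an added example that is not part of the original message or the linked filter: a hex session ID captured on the connect line is back-referenced on a later 'mta event' line, so the failure is tied to the host that opened the session. The log format, the group name `sid`, the `MAX_SKIP` bound and the sample lines are constructed assumptions, since the original log is not shown here.

```python
import re

MAX_SKIP = 10  # assumed bound on unrelated lines between the two events

# Line 1 captures the hex session ID and the host; up to MAX_SKIP other
# lines are skipped lazily; the closing line must repeat the same ID
# (named back-reference) in front of "mta event".
PATTERN = re.compile(
    r".*?\b(?P<sid>[0-9A-F]{8}): connect from \[(?P<host>[0-9A-Fa-f:.]+)\]\n"
    r"(?:.*\n){0," + str(MAX_SKIP) + r"}?"
    r".*?\b(?P=sid): mta event: (?P<event>.*)"
)

# Constructed sample: three interleaved sessions, two of which fail.
SAMPLE_LOG = """\
May 16 20:58:01 mail mta[311]: 1A2B3C4D: connect from [2001:db8::25]
May 16 20:58:01 mail mta[311]: 5E6F7A8B: connect from [192.0.2.10]
May 16 20:58:02 mail mta[311]: 9C0D1E2F: connect from [198.51.100.7]
May 16 20:58:03 mail mta[311]: 5E6F7A8B: message accepted
May 16 20:59:01 mail mta[311]: 1A2B3C4D: mta event: timeout
May 16 20:59:02 mail mta[311]: 9C0D1E2F: mta event: timeout
"""

def failed_hosts(log_text):
    """Return (host, sid, event) for every session that ends in an mta event.

    The pattern is tried at the start of every line instead of with
    finditer(): a multiline match consumes the lines it spans, so a second
    session that starts inside an earlier match would otherwise be missed.
    """
    hits = []
    pos = 0
    for line in log_text.splitlines(keepends=True):
        m = PATTERN.match(log_text, pos)
        if m:
            hits.append((m.group("host"), m.group("sid"), m.group("event")))
        pos += len(line)
    return hits

if __name__ == "__main__":
    for host, sid, event in failed_hosts(SAMPLE_LOG):
        print(f"{host} (session {sid}): {event}")
```

The session that ends in "message accepted" is not reported, because its ID never reappears in front of "mta event".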