postfix/smtpd[29302]: lost connection after AUTH from unknown[182.110.22.220]

edit

Dec 13 15:44:24 ahso2 postfix/smtpd[29302]: lost connection after AUTH from unknown[182.110.22.220]

grep 'lost connection after AUTH from' /var/log/mail.log

https://serverfault.com/a/705020/75968

$ fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix.conf 

Running tests
=============

Use   failregex file : /etc/fail2ban/filter.d/postfix.conf
Use         log file : /var/log/mail.log


Results
=======

Failregex: 6245 total
|-  #) [# of hits] regular expression
|   1) [163] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
|   5) [6082] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*lost connection after AUTH from \S+\[<HOST>\]$

Add file

Delete paste

Christian Weiske
owner

History

da3c8a 7 years ago
a22c5c 7 years ago

Embed HTML code Public clone URL

postfix/smtpd[29302]: lost connection after AUTH from unknown[182.110.22.220]

phork0.txt

testing.txt

History