rich1.0phorkiehttps://p.cweiske.de/Christian Weiske86400900900<!-- embedding all files of https://p.cweiske.de/527 --> <link rel="stylesheet" href="https://p.cweiske.de/css/embed.css"/> <div class="phork" id="527"> <div class="phork-file"> <div class="phork-content"> <div class="code"><pre class="txt">Dec 13 15:44:24 ahso2 postfix/smtpd[29302]: lost connection after AUTH from unknown[182.110.22.220] grep 'lost connection after AUTH from' /var/log/mail.log https://serverfault.com/a/705020/75968</pre></div> </div> <div class="phork-meta"> <a href="https://p.cweiske.de/527/rev-raw/da3c8a6fc1162ec587944ef9f8aa29d753151d89/phork0.txt" style="float: right">view raw source</a> <a href="https://p.cweiske.de/527#phork0.txt">phork0.txt</a> </div> </div> <div class="phork-file"> <div class="phork-content"> <div class="code"><pre class="txt">$ fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix.conf Running tests ============= Use failregex file : /etc/fail2ban/filter.d/postfix.conf Use log file : /var/log/mail.log Results ======= Failregex: 6245 total |- #) [# of hits] regular expression | 1) [163] ^\s*(&lt;[^.]+\.[^.]+&gt;)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*NOQUEUE: reject: RCPT from \S+\[&lt;HOST&gt;\]: 554 5\.7\.1 .*$ | 5) [6082] ^\s*(&lt;[^.]+\.[^.]+&gt;)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*lost connection after AUTH from \S+\[&lt;HOST&gt;\]$ </pre></div> </div> <div class="phork-meta"> <a href="https://p.cweiske.de/527/rev-raw/da3c8a6fc1162ec587944ef9f8aa29d753151d89/testing.txt" style="float: right">view raw source</a> <a href="https://p.cweiske.de/527#testing.txt">testing.txt</a> </div> </div> </div>