testing.txt

   1 $ fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix.conf \r
   2 \r
   3 Running tests\r
   4 =============\r
   5 \r
   6 Use   failregex file : /etc/fail2ban/filter.d/postfix.conf\r
   7 Use         log file : /var/log/mail.log\r
   8 \r
   9 \r
  10 Results\r
  11 =======\r
  12 \r
  13 Failregex: 6245 total\r
  14 |-  #) [# of hits] regular expression\r
  15 |   1) [163] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$\r
  16 |   5) [6082] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*lost connection after AUTH from \S+\[<HOST>\]$\r