$ fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix.conf
Use failregex file : /etc/fail2ban/filter.d/postfix.conf
Use log file : /var/log/mail.log
Failregex: 6245 total
|- #) [# of hits] regular expression
| 1) [163] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
| 5) [6082] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*lost connection after AUTH from \S+\[<HOST>\]$