HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux aritmodecarnaval.es 5.15.0-79-generic #86-Ubuntu SMP Mon Jul 10 16:07:21 UTC 2023 x86_64
User: www-data (33)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /etc/fail2ban/filter.d/
Upload Files
File: //etc/fail2ban/filter.d/kerio.conf
# Fail2ban filter for kerio

[Definition]

failregex = ^ SMTP Spam attack detected from <HOST>,
            ^ IP address <HOST> found in DNS blacklist
            ^ Relay attempt from IP address <HOST>
            ^ Attempt to deliver to unknown recipient \S+, from \S+, IP address <HOST>$
            ^ Failed SMTP login from <HOST>
            ^ SMTP: User \S+ doesn't exist. Attempt from IP address <HOST>
            ^ Client with IP address <HOST> has no reverse DNS entry, connection rejected before SMTP greeting$
            ^ Administration login into Web Administration from <HOST> failed: IP address not allowed$
            ^ Message from IP address <HOST>, sender \S+ rejected: sender domain does not exist$

ignoreregex =

datepattern = ^\[%%d/%%b/%%Y %%H:%%M:%%S\]

# DEV NOTES:
# 
# Author: A.P. Lawrence
# Updated by: M. Bischoff <https://github.com/herrbischoff>
#
# Based off: http://aplawrence.com/Kerio/fail2ban.html
@ Telegram