diff options
| author | Sergey G. Brester <serg.brester@sebres.de> | 2023-04-24 15:40:53 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-24 15:40:53 +0200 |
| commit | 809b90410674b2be93c2159505b09e1f233b030f (patch) | |
| tree | d276a5e1b58da1b27e10a7b4630ebf526847675c | |
| parent | 7544e969d5f708afef9be0b4c657fdb70cacbbc9 (diff) | |
| download | fail2ban-809b90410674b2be93c2159505b09e1f233b030f.tar.gz | |
filter.d/exim.conf: fixes "dropped: too many ..." regex and also matches unrecognized commands new vector
| -rw-r--r-- | config/filter.d/exim.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/filter.d/exim.conf b/config/filter.d/exim.conf index 6a8c12c5..1f0c3d82 100644 --- a/config/filter.d/exim.conf +++ b/config/filter.d/exim.conf @@ -20,7 +20,7 @@ failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user| ^%(pid)s \w+ authenticator failed for (?:[^\[\( ]* )?(?:\(\S*\) )?\[<HOST>\](?::\d+)?(?: I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$ ^%(pid)s %(host_info)srejected RCPT [^@]+@\S+: (?:relay not permitted|Sender verify failed|Unknown user|Unrouteable address)\s*$ ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (?:connection from|"\S+") %(host_info)s(?:next )?input=".*"\s*$ - ^%(pid)s SMTP call from (?:[^\[\( ]* )?%(host_info)sdropped: too many (?:nonmail commands|syntax or protocol errors) \(last (?:command )?was "[^"]*"\)\s*$ + ^%(pid)s SMTP call from (?:[^\[\( ]* )?%(host_info)sdropped: too many (?:(?:nonmail|unrecognized) commands|syntax or protocol errors) ^%(pid)s SMTP protocol error in "[^"]+(?:"+[^"]*(?="))*?" %(host_info)sAUTH command used when not advertised\s*$ ^%(pid)s no MAIL in SMTP connection from (?:[^\[\( ]* )?(?:\(\S*\) )?%(host_info)sD=\d\S*s(?: C=\S*)?\s*$ ^%(pid)s (?:[\w\-]+ )?SMTP connection from (?:[^\[\( ]* )?(?:\(\S*\) )?%(host_info)sclosed by DROP in ACL\s*$ |