Author: Peter Velan Date: To: exim-users Subject: Re: [exim] Stopping Bruteforceattacks
am 25.07.2012 12:30 schrieb Chris Knadle: > On Wednesday, July 25, 2012 04:44:32, Mihamina Rakotomandimby wrote:
>> If me, I'd filter at IP level, based on some reject log information.
>> That's the job of fail2ban, but I dont know if it parses Exim logs.
>
> By default fail2ban doesn't scan Exim logs, but what logs are scanned is
> customizable; for instance something like the following added to fail2ban's
> jail.conf:
>
> -----------------------
>
> #
> # Exim4 email MTA
> #
>
> [exim4]
>
> enabled = true
> port = smtp
> filter = exim4
> logpath = /var/log/exim4/mainlog
> bantime = 28800
> maxretry = 3
I'm using daily mainlogs á la "mainlog-20120726". What would be an
elegant way to configure fail2ban in this case?