On 26.11.18 16:38, Richard Jones via Exim-users wrote:
> Why not use Fail2Ban for this?
This works here successfully:
in /etc/fail2ban/filter.d/exim4-auth-not-advertised.conf:
failregex = .*\) [[](?P<host>\S*)[]] AUTH command used when not
advertised *$
in /etc/fail2ban/jail.conf:
[exim4-auth-early]
enabled = true
port = smtp,smtps,submission,imap2,imap3,imaps,pop3,pop3s,2000,sieve
filter = exim4-auth-not-advertised
logpath = /var/log/exim4/mainlog
# ban almost immediately
maxretry = 2
# ban 11h+
bantime = 40000
Regards, Adrian.
