把FAIL2BAN的配置动作文件记下来备用。

测试表达式是否正确的方法是:

/usr/bin/fail2ban-regex "相应的日志的某行" "对的表达式的内容,即failregex的值"

 

 

[root@mail filter.d]# cat dovecotlogin.conf 

[Definition]

failregex = (?:Authentication failure|Aborted login|Disconnected \(auth failed|Aborted login|no auth attempts).*rip=(?P\S*),.*

ignoreregex = 

[root@mail filter.d]# 

 

[root@mail filter.d]# cat sasl.conf 

[Definition]

failregex = postfix/smtpd.* warning: unknown\[\]: SASL LOGIN authentication failed

ignoreregex = 

[root@mail filter.d]# 

 

[root@mail filter.d]# cat postfix.conf 

[Definition]

failregex = reject: RCPT from (.*)\[\]: 554

ignoreregex = 

[root@mail filter.d]#