bltst2

Member
Jun 10, 2008
I don't mean to hijack this thread, but has anyone used Fail2Ban to reactively ban IPs that are making this type of brute-force attempt?

I've set up what I think is a good REGEX:

failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address)
            login authenticator failed for .* \[<HOST>\]: 535 Incorrect authentication data \(set_id=.*\)\s*$

logpath = /var/log/exim_rejectlog
          /var/log/exim_mainlog


But it's not working... Any thoughts? Anyone ever use Fail2Ban to ban these types of attempts?
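
One way to check the two patterns from the post against sample log lines before loading them into a jail. This is an added example, not part of the original post and not Fail2Ban's own code: HOST_GROUP is a simplified IPv4-only stand-in for the <HOST> tag, the log lines are constructed, and match_hosts and failures_per_host are hypothetical helper names.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex lines from the post, unchanged.
FAILREGEX = [
    r"\[<HOST>\] .*(?:rejected by local_scan|Unrouteable address)",
    r"login authenticator failed for .* \[<HOST>\]: 535 Incorrect "
    r"authentication data \(set_id=.*\)\s*$",
]

# Constructed log lines (documentation addresses), not taken from a real server.
SAMPLE_LINES = [
    "2008-06-10 09:15:01 dovecot_login authenticator failed for (localhost) "
    "[203.0.113.7]: 535 Incorrect authentication data (set_id=info)",
    "2008-06-10 09:15:04 dovecot_login authenticator failed for (localhost) "
    "[203.0.113.7]: 535 Incorrect authentication data (set_id=admin)",
    "2008-06-10 09:16:40 H=(mail.example.net) [198.51.100.23] "
    "F=<a@example.net> rejected RCPT <nobody@example.org>: Unrouteable address",
    # No token between "for" and the bracket: the second pattern needs one.
    "2008-06-10 09:17:10 dovecot_login authenticator failed for "
    "[203.0.113.7]: 535 Incorrect authentication data (set_id=test)",
    "2008-06-10 09:18:02 1K5abc-0001aB-Cd <= user@example.org "
    "H=(client) [192.0.2.10] P=esmtpa S=1024",
]


def match_hosts(lines, patterns=FAILREGEX):
    """Return one (host_or_None, line) pair per line; first matching pattern wins."""
    compiled = [re.compile(p.replace("<HOST>", HOST_GROUP)) for p in patterns]
    results = []
    for line in lines:
        hit = next((m for m in (rx.search(line) for rx in compiled) if m), None)
        results.append((hit.group("host") if hit else None, line))
    return results


def failures_per_host(lines, patterns=FAILREGEX):
    """Count matched lines per host, the figure a maxretry threshold is compared to."""
    return Counter(host for host, _ in match_hosts(lines, patterns) if host)


if __name__ == "__main__":
    for host, line in match_hosts(SAMPLE_LINES):
        print(f"{host or 'NO MATCH':<15} {line}")
    print(dict(failures_per_host(SAMPLE_LINES)))
```

Fail2Ban also ships a fail2ban-regex command that runs a filter file against the real log, which is the check to use on the server itself.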