Fail2ban Rule for exim_mainlog

mesranet

Well-Known Member
May 6, 2002
133
0
316
Dear All,

I need help, from my exim_mainlog i found lot of:

- 2019-01-30 00:04:55 dovecot_plain authenticator failed for (127.0.0.1 - xxx.xxx.xxx.xxx -) [127.0.0.1]:60744: 535 Incorrect authentication data ([email protected])

- 2019-01-30 00:19:33 dovecot_plain authenticator failed for ([127.0.0.1] - xxx.xxx.xxx.xxx -) [127.0.0.1]:33466: 535 Incorrect authentication data ([email protected]

- 2019-01-29 21:06:31 dovecot_plain authenticator failed for (attacker.hostname.net - xxx.xxx.xxx.xxx -) [127.0.0.1]:49672: 535 Incorrect authentication data ([email protected])

So how can i make a proper fail2ban rule to detect all those xxx.xxx.xxx.xxx ?

Please help and Thank you so much
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,259
313
Houston
Thread starter Similar threads Forum Replies Date
verdon Security 2
M Security 3
B Security 3
B Security 2
M Security 3