HEX
Server: Apache/2.4.65 (Debian)
System: Linux web6 5.10.0-36-amd64 #1 SMP Debian 5.10.244-1 (2025-09-29) x86_64
User: innocamp (1028)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /etc/fail2ban/filter.d/
Upload Files
File: //etc/fail2ban/filter.d/kerio.conf
# Fail2ban filter for kerio

[Definition]

failregex = ^ SMTP Spam attack detected from <HOST>,
            ^ IP address <HOST> found in DNS blacklist
            ^ Relay attempt from IP address <HOST>
            ^ Attempt to deliver to unknown recipient \S+, from \S+, IP address <HOST>$
            ^ Failed SMTP login from <HOST>
            ^ SMTP: User \S+ doesn't exist. Attempt from IP address <HOST>
            ^ Client with IP address <HOST> has no reverse DNS entry, connection rejected before SMTP greeting$
            ^ Administration login into Web Administration from <HOST> failed: IP address not allowed$
            ^ Message from IP address <HOST>, sender \S+ rejected: sender domain does not exist$

ignoreregex =

datepattern = ^\[%%d/%%b/%%Y %%H:%%M:%%S\]

# DEV NOTES:
# 
# Author: A.P. Lawrence
# Updated by: M. Bischoff <https://github.com/herrbischoff>
#
# Based off: http://aplawrence.com/Kerio/fail2ban.html
@ Telegram