Szeritnetek most jó?
Dec 8 11:30:01 panel postfix/smtpd[12462]: warning: hostname 192-227-217-195-host.colocrossing.com does not resolve to address 192.227.217.195: Name or service not known
Dec 8 11:30:01 panel postfix/smtpd[12462]: connect from unknown[192.227.217.195]
Dec 8 11:30:04 panel postfix/smtpd[12462]: warning: unknown[192.227.217.195]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 8 11:30:04 panel postfix/smtpd[12462]: lost connection after AUTH from unknown[192.227.217.195]
Dec 8 11:30:04 panel postfix/smtpd[12462]: disconnect from unknown[192.227.217.195] ehlo=1 auth=0/1 commands=1/2
Dec 8 11:30:09 panel postfix/smtpd[12461]: connect from cpanel21.rackforest.com[79.139.61.131]
Dec 8 11:30:09 panel postfix/smtpd[12461]: 3D52344499: client=cpanel21.rackforest.com[79.139.61.131]
Dec 8 11:30:09 panel postfix/cleanup[12746]: 3D52344499: message-id=<c7633662ac9679873205aa640e7cc649@ubuntu.hu>
Dec 8 11:30:09 panel postfix/qmgr[12389]: 3D52344499: from=<noreply@ubuntu.hu>, size=2665, nrcpt=1 (queue active)
Dec 8 11:30:09 panel postfix/smtpd[12461]: disconnect from cpanel21.rackforest.com[79.139.61.131] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 8 11:30:09 panel postfix/pipe[12748]: 3D52344499: to=<gabor@vtmk.hu>, relay=dovecot, delay=0.11, delays=0.07/0.01/0/0.03, dsn=5.3.0, status=bounced (command line usage error. Command output: lda: Fatal: Unknown argument: smtp-amavis Usage: dovecot-lda [-c <config file>] [-a <address>] [-d <username>] [-p <path>] [-f <envelope sender>] [-m <mailbox>] [-e] [-k] )
Dec 8 11:30:09 panel postfix/cleanup[12746]: 4BD8A444A9: message-id=<20231208103009.4BD8A444A9@panel.vtmk.hu>
Dec 8 11:30:09 panel postfix/bounce[12750]: 3D52344499: sender non-delivery notification: 4BD8A444A9
Dec 8 11:30:09 panel postfix/qmgr[12389]: 4BD8A444A9: from=<>, size=4762, nrcpt=1 (queue active)
Dec 8 11:30:09 panel postfix/qmgr[12389]: 3D52344499: removed
Dec 8 11:30:16 panel postfix/smtpd[12462]: connect from mail-be0deu01hn2246.outbound.protection.outlook.com[52.100.3.246]
Dec 8 11:30:16 panel postfix/smtpd[12462]: NOQUEUE: reject: RCPT from mail-be0deu01hn2246.outbound.protection.outlook.com[52.100.3.246]: 550 5.1.1 <tihanyi@vtmk.hu>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<tihanyi@vtmk.hu> proto=ESMTP helo=<DEU01-BE0-obe.outbound.protection.outlook.com>
Dec 8 11:30:16 panel postfix/smtpd[12462]: disconnect from mail-be0deu01hn2246.outbound.protection.outlook.com[52.100.3.246] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6
Ez meg a
fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix-flood-attack.conf
Running tests
=============
Use failregex filter file : postfix-flood-attack, basedir: /etc/fail2ban
Use log file : /var/log/mail.log
Use encoding : UTF-8
Results
=======
Failregex: 1 total
|- #) [# of hits] regular expression
| 1) [1] lost connection after AUTH from (.*)\[<HOST>\]
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [32] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-
Lines: 32 lines, 0 ignored, 1 matched, 31 missed
[processed in 0.02 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 31 lines