/etc/fail2ban/filter.d/spamassassin.conf
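[Definition]
# Matches SMTP rejection lines that carry the reply text
# "5.7.1 Blocked by SpamAssassin;". <ADDR> captures the client IP address
# inside the square brackets.
# The value must hold only the regex: a second "failregex = " inside the value
# becomes literal pattern text, so the filter would never match a real log line.
failregex = \[<ADDR>\]: 5\.7\.1 Blocked by SpamAssassin;
# No exclusions.
ignoreregex =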
/etc/fail2ban/filter.d/postfix-custom.conf
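# Fail2Ban filter for selected Postfix SMTP rejections
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]
# One regex per line. Continuation lines must be indented; a line starting in
# column 0 is not read as part of failregex.
# NOTE(review): the 450/454 patterns match temporary (4xx) rejections. A
# legitimate server that retries after a temporary rejection can accumulate
# matches, so check the jail's maxretry/findtime before relying on these.
# NOTE(review): the first pattern begins with an unanchored "^.*" and does not
# use the prefix definitions from common.conf (included above but not
# referenced here). Verify it against real log lines with fail2ban-regex.
failregex = ^.*hostname \S+ does not resolve to address +<HOST>.*$
            \[<HOST>\]: 450 4\.
            \[<HOST>\]: 454 4\.
            \[<HOST>\]: 504 5\.
            \[<HOST>\]: 550 5\.
            \[<HOST>\]: 554 5\.
# No exclusions.
ignoreregex =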
/etc/fail2ban/filter.d/nginx-403.conf
[Definition]
# Matches access-log lines that begin with the client address (<HOST>) and
# contain a quoted string starting with GET or POST, followed by status 403.
# Other request methods (for example HEAD) are not matched by this pattern.
failregex = ^<HOST>.*"(GET|POST).*" (403) .*$
# No exclusions.
ignoreregex =
/etc/fail2ban/filter.d/nginx-404.conf
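[Definition]
# Matches access-log lines that begin with the client address (<HOST>) and
# contain a quoted string starting with GET or POST, followed by status 404.
# NOTE(review): ordinary visitors also produce 404s (stale links, missing
# assets); keep the jail's maxretry high enough and extend ignoreregex as needed.
# depending on your log format
# failregex = - - \[.*\] "(GET|POST|HEAD).*HTTP.* 404
failregex = ^<HOST>.*"(GET|POST).*" 404 .*$
# Lines matching any of these patterns are never counted as failures.
# The second pattern is a continuation line and must be indented to remain part
# of ignoreregex. Dots are escaped so they match a literal "." only.
ignoreregex = /lang/countries\.json
              .*(robots\.txt|favicon\.ico|sitemap\.xml)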
/etc/fail2ban/filter.d/nginx-botsearch.conf
[INCLUDES]
# Load regexes for filtering
# NOTE(review): the failregex below does not reference any value from this
# include, so every request for a missing file is matched, not only a fixed
# list of probed paths -- confirm this is intended.
before = botsearch-common.conf
[Definition]
# Matches nginx error-log entries of the form
#   [error] PID#TID: *CONN open() "PATH" failed (2: No such file or directory),
#   client: <HOST>, server: NAME, request: "METHOD URI ..."
# The client address is taken from the "client:" field.
failregex = \[error\] \d+#\d+: \*\d+ open\(\) "[^"]+" failed \(2: No such file or directory\), client: <HOST>, server: [\d\w\.-]+, request: "[A-Z]+ ([^"]+)"
# No exclusions.
ignoreregex =
# Timestamp at the start of the line: year, month and day joined by the same
# separator (-, / or .), then "T" or a space and H:M:S, with optional fraction
# and zone offset. "%%" is an escaped "%" for the config interpolation.
datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
jail.local
[postfix-custom]
# Jail for the postfix-custom filter. maxretry, findtime and bantime are not set
# here, so the jail defaults apply.
enabled = true
# Ports blocked for a banned address.
port = smtp,465,submission
# Filter file name in filter.d, without the .conf suffix.
filter = postfix-custom
# Log file scanned for matches.
logpath = /var/log/mail.info
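[nginx-403]
# Jail that bans clients repeatedly receiving HTTP 403 responses.
enabled = true
# Ports blocked for a banned address.
port = http,https
# Must name an existing file in filter.d, without the .conf suffix. The 403
# filter is filter.d/nginx-403.conf; "nginx-406" matches no filter file, so the
# jail could not load its filter.
filter = nginx-403
# Log file scanned for matches.
logpath = /var/log/nginx/access.log
# Number of matching lines allowed before the address is banned.
maxretry = 6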
[nginx-botsearch]
# Jail for the nginx-botsearch filter. maxretry, findtime and bantime are not
# set here, so the jail defaults apply.
enabled = true
# Ports blocked for a banned address.
port = http,https
# Filter file name in filter.d, without the .conf suffix.
filter = nginx-botsearch
# This jail reads the nginx error log, not the access log.
logpath = /var/log/nginx/error.log
- fail2ban-regex /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-botsearch.conf
/etc/fail2ban/action.d/iptables-common.conf /iptables.conf
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP,
# REJECT, REJECT --reject-with icmp-port-unreachable
# DROP discards packets from a banned address without sending any reply;
# the REJECT variants answer with an error instead.
# NOTE(review): if this value was changed in the packaged .conf file, the usual
# fail2ban practice is to set it in a matching .local file so package upgrades
# do not revert it -- confirm for this installation.
# Values: STRING
blocktype = DROP