CasperSecurity

Current Path : /etc/fail2ban/filter.d/
Upload File :
Current File : //etc/fail2ban/filter.d/exim-spam.conf

# Fail2Ban filter for exim the spam rejection messages
#
# Honeypot traps are very useful for fighting spam. You just activate an email
# address on your domain that you do not intend to use at all, and that normal
# people do not risk to try for contacting you. It may be something that 
# spammers often test. You can also hide the address on a web page to be picked
# by spam spiders. Or simply parse your mail logs for an invalid address 
# already being frequently targeted by spammers. Enable the address and 
# redirect it to the blackhole. In Exim's alias file, you would add the 
# following line (assuming the address is honeypot@yourdomain.com):
#
# honeypot:  :blackhole:
#
# For the SA: Action: silently tossed message... to be logged exim's SAdevnull option needs to be used.
#
# To this filter use the jail.local should contain in the right jail:
#
# filter = exim-spam[honeypot=honeypot@yourdomain.com]
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# exim-common.local
before = exim-common.conf

[Definition]

failregex =  ^%(pid)s \S+ F=(<>|\S+@\S+) %(host_info)srejected by local_scan\(\): .{0,256}$
             ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: .*dnsbl.*\s*$
             ^%(pid)s \S+ %(host_info)sF=(<>|[^@]+@\S+) rejected after DATA: This message contains a virus \(\S+\)\.\s*$
             ^%(pid)s \S+ SA: Action: flagged as Spam but accepted: score=\d+\.\d+ required=\d+\.\d+ \(scanned in \d+/\d+ secs \| Message-Id: \S+\)\. From \S+ \(host=\S+ \[<HOST>\]\) for <honeypot>$
             ^%(pid)s \S+ SA: Action: silently tossed message: score=\d+\.\d+ required=\d+\.\d+ trigger=\d+\.\d+ \(scanned in \d+/\d+ secs \| Message-Id: \S+\)\. From \S+ \(host=(\S+ )?\[<HOST>\]\) for \S+$

ignoreregex = 

[Init]

# Option:  honeypot
# Notes.:  honeypot is an email address that isn't published anywhere that a
#          legitimate email sender would send email too.
# Values:  email address

honeypot = trap@example.com

# DEV Notes:
# The %(host_info) defination contains a <HOST> match
#
# Author: Cyril Jaquier
#         Daniel Black (rewrote with strong regexs)
Hacker Blog, Shell İndir, Sql İnjection, XSS Attacks, LFI Attacks, Social Hacking, Exploit Bot, Proxy Tools, Web Shell, PHP Shell, Alfa Shell İndir, Hacking Training Set, DDoS Script, Denial Of Service, Botnet, RFI Attacks, Encryption
Telegram @BIBIL_0DAY