Closed soulsymphonies closed 3 years ago
Thanks!
You need to reset to standard or add NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+
manually.
Is are REGEX still valid for stopping email address scanning?
I am wondering if someone out there has an email server and is sending spam mail to guess email address?
Got error like this (regex doesn't recognize...):
NOQUEUE: reject: RCPT from mail.example.com[123.123.123.123]: 550 5.1.1 <test@test.me>: Recipient address rejected: User unknown in virtual mailbox table; from=<test-from@test.me> to=<test@test.me> proto=ESMTP helo=<mail.example.com>
Is it worth creating a REGEX like this?: NOQUEUE: reject: RCPT from .+\[([0-9a-f\.:]+)].+Recipient address rejected.+
Summary
In the last few days, I noticed a lot of attempts of some spammers to guess email adresses on my mailcow server, the log files always look like this, except of course that the ip's change and the tested email adress as well.
I tried to create a regex for fail2ban, to ban those IPs, but I wasn't successful since I'm not very good at regex. Maybe someone could help me to come up with a regex for this, to ban these ips via fail2ban.
Thank you ever so much.
I have attached some of the logs:
Motivation
What are you about to solve or improve with this idea? reducing spam What would be the benefit for most users? less spam, less load on the mailserver