Fail2ban

fail2ban - 阻止來自 mail.log “來自 SSL_accept 的錯誤”

  • September 25, 2016

如果在 postfix 郵件日誌中是以下行,我想用 fail2ban 阻止 IP 地址:

SSL_accept error from unknown[xxx.xxx.xxx.xxx]: lost connection

我嘗試使用以下行在 filter.d 中製作 fail2ban ssl_error.conf:

failregex = ^%(__prefix_line)sSSL_accept error from \S+\s*\[<HOST>\]: lost connection$

但沒有運氣:(

擺脫^%(__prefix_line)s部分。簡單設置

failregex = SSL_accept error from \S+\s*\[<HOST>\]: lost connection

引用自:https://serverfault.com/questions/805119