One Hat Cyber Team
Your IP :
3.149.251.64
Server IP :
104.21.96.1
Server :
Linux agrigation-prod 5.15.0-67-generic #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023 x86_64
Server Software :
nginx/1.24.0
PHP Version :
7.4.33
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
etc
/
fail2ban
/
filter.d
/
View File Name :
exim-spam.conf
# Fail2Ban filter for exim the spam rejection messages # # Honeypot traps are very useful for fighting spam. You just activate an email # address on your domain that you do not intend to use at all, and that normal # people do not risk to try for contacting you. It may be something that # spammers often test. You can also hide the address on a web page to be picked # by spam spiders. Or simply parse your mail logs for an invalid address # already being frequently targeted by spammers. Enable the address and # redirect it to the blackhole. In Exim's alias file, you would add the # following line (assuming the address is honeypot@yourdomain.com): # # honeypot: :blackhole: # # For the SA: Action: silently tossed message... to be logged exim's SAdevnull option needs to be used. # # To this filter use the jail.local should contain in the right jail: # # filter = exim-spam[honeypot=honeypot@yourdomain.com] # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # exim-common.local before = exim-common.conf [Definition] failregex = ^%(pid)s \S+ F=(<>|\S+@\S+) %(host_info)srejected by local_scan\(\): .{0,256}$ ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: .*dnsbl.*\s*$ ^%(pid)s \S+ %(host_info)sF=(<>|[^@]+@\S+) rejected after DATA: This message contains a virus \(\S+\)\.\s*$ ^%(pid)s \S+ SA: Action: flagged as Spam but accepted: score=\d+\.\d+ required=\d+\.\d+ \(scanned in \d+/\d+ secs \| Message-Id: \S+\)\. From \S+ \(host=\S+ \[<HOST>\]\) for <honeypot>$ ^%(pid)s \S+ SA: Action: silently tossed message: score=\d+\.\d+ required=\d+\.\d+ trigger=\d+\.\d+ \(scanned in \d+/\d+ secs \| Message-Id: \S+\)\. From \S+ \(host=(\S+ )?\[<HOST>\]\) for \S+$ ignoreregex = [Init] # Option: honeypot # Notes.: honeypot is an email address that isn't published anywhere that a # legitimate email sender would send email too. # Values: email address honeypot = trap@example.com # DEV Notes: # The %(host_info) defination contains a <HOST> match # # Author: Cyril Jaquier # Daniel Black (rewrote with strong regexs)