# Fail2Ban configuration file for sendmail
#
# Author: Fabian Wenk <fabian@wenks.ch>
#
# $Revision$
#
# Some of the below failregex will only work properly, when the following
# options are set in the .mc file (see your Sendmail documentation on how
# to modify it and generate the corresponding .cf file):
#
# FEATURE(`delay_checks')
# FEATURE(`greet_pause', `500')
# FEATURE(`ratecontrol', `nodelay', `terminate')
# FEATURE(`conncontrol', `nodelay', `terminate')
#
# ratecontrol and conncontrol also need corresponding options ClientRate:
# and ClientConn: in the access file, see documentation for ratecontrol and
# conncontrol in the sendmail/cf/README file.
#

[Definition]

# Option: failregex
# Notes.: regex to match rejected connections in the logfile.
# Values: TEXT
#
failregex = (sm-mta|sendmail)(?:\[\d+\])?: ruleset=check_relay, arg1=.*, arg2=<HOST>, relay=.*, reject=421 4.3.2 Too many open connections.$
	    (sm-mta|sendmail)(?:\[\d+\])?: ruleset=check_relay, arg1=.*, arg2=<HOST>, relay=.*, reject=421 4.3.2 Connection rate limit exceeded.$
	    (sm-mta|sendmail)(?:\[\d+\])?: .*: rejecting commands from .* \[<HOST>\] due to pre-greeting traffic after \d+ seconds$
	    (sm-mta|sendmail)(?:\[\d+\])?: .*: ruleset=check_rcpt, arg1=\<.*\>, relay=\[.*\], reject=550 5.7.1 \<.*\>... Relaying denied. IP name lookup failed \[<HOST>\]$
	    (sm-mta|sendmail)(?:\[\d+\])?: .*: ruleset=check_rcpt, arg1=\<.*\>, relay=.* \[.*\] \(may be forged\), reject=550 5.7.1 \<.*\>... Relaying denied. IP name possibly forged \[<HOST>\]$
	    (sm-mta|sendmail)(?:\[\d+\])?: .*: ruleset=check_rcpt, arg1=\<.*\>, relay=.* \[<HOST>\], reject=550 5.7.1 \<.*\>... Relaying denied. Proper authentication required.$
	    (sm-mta|sendmail)(?:\[\d+\])?: .*: ruleset=check_rcpt, arg1=\<.*\>, relay=.*\[<HOST>\].*, reject=550 5.1.1 \<.*\>... User unknown$
	    (sm-mta|sendmail)(?:\[\d+\])?: .*: ruleset=check_rcpt, arg1=\<.*\>, relay=.*\[<HOST>\].*, reject=553 5.1.8 \<.*\>... Domain of sender address .* does not exist$
	    (sm-mta|sendmail)(?:\[\d+\])?: .*: (.*)\[<HOST>\]: (?i)(EXPN|VRFY) .* \[rejected\]$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =