# Fail2ban filter for kerio

[Definition]

failregex = ^ SMTP Spam attack detected from <HOST>,
            ^ IP address <HOST> found in DNS blacklist \S+, mail from \S+ to \S+$
            ^ Relay attempt from IP address <HOST>
            ^ Attempt to deliver to unknown recipient \S+, from \S+, IP address <HOST>$

ignoreregex =

[Init]

datepattern = ^\[%%d/%%b/%%Y %%H:%%M:%%S\]

# DEV NOTES:
# 
# Author: A.P. Lawrence
#
# Based off: http://aplawrence.com/Kerio/fail2ban.html