I’m using Fail2ban on a Mailcleaner server whick works pretty good, but I want to update it to that ban hosts who want to spoofing our addresses. I’m using the “original” mc-exim-filter, but I don’t really understand how regular expressions works.
Here is an example from the log: 2021-02-26 00:02:37 H=((188.8.131.52)) (184.108.40.206) Ffirstname.lastname@example.org rejected RCPT email@example.com: This domain does not accept mail from itself (spoofing)
I tried many combaniton based on the already existing failregexes, but it doesn’t want to ban the attackers.
Can anyone help? Thank you in advance