fail2ban jail for dnsbl IPs
Below is an excerpt from axigen log.
If the IP is also printed just after a space after regex "[DNSBL record found] " then it can be used with fail2ban to create a jail.
The desired change is trivial compared to the benefits it can provide the admins for blocking repeated unwanted connections. Thanks.
Sample Axigen Log:
2019-12-23 00:00:00 +0000 08 mail SMTP-IN:000ACBD8: MX validity verified for some.id@somedomain.com
2019-12-23 00:00:00 +0000 08 mail SMTP-IN:000ACBD8: Set smtp action to REJECT
2019-12-23 00:00:00 +0000 08 mail SMTP-IN:000ACBD8: Set smtp explanation to [DNSBL record found]
2019-12-23 00:00:00 +0000 08 mail SMTP-IN:000ACBD8: Set local delivery to auth
2019-12-23 00:00:00 +0000 08 mail SMTP-IN:000ACBD8: Set remote delivery to auth
2019-12-23 00:00:00 +0000 08 mail SMTP-IN:000ACBD8: Execute onMailFrom event for filter <mimedefang>
2019-12-23 00:00:00 +0000 08 mail SMTP-IN:000ACBD8: Set mail state to REMOVED
2019-12-23 00:00:00 +0000 08 mail SMTP-IN:000ACBD8: closing session from [103.134.94.46]
Vikram Goyal
shared this idea