3 changed files with 20 additions and 0 deletions
@ -0,0 +1,4 @@
|
||||
SECURITY.* SecurityEvent="FailedACL".*RemoteAddress="IPV[46]/[TU][CD]P/<HOST>/[0-9]+" |
||||
SECURITY.* SecurityEvent="InvalidAccountID".*RemoteAddress="IPV[46]/[TU][CD]P/<HOST>/[0-9+]+" |
||||
SECURITY.* SecurityEvent="ChallengeResponseFailed".*RemoteAddress="IPV[46]/[TU][CD]P/<HOST>/[0-9]+" |
||||
SECURITY.* SecurityEvent="InvalidPassword".*RemoteAddress="IPV[46]/[TU][CD]P/<HOST>/[0-9]+" |
||||
@ -0,0 +1,3 @@
|
||||
NOQUEUE: reject: RCPT from [[:print:]]+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[[[:print:]]+\] blocked |
||||
NOQUEUE: reject: RCPT from [[:print:]]+\[<HOST>\]: 554 5\.7\.1 .* |
||||
warning: [[:print:]]+\[<HOST>\]: SASL [A-Z0-9-]+ authentication failed |
||||
@ -0,0 +1,13 @@
|
||||
[Aa]uthentication failure for .* from <HOST>( via [[:print:]]*)? |
||||
[Aa]uthentication error for .* from <HOST>( via [[:print:]]*)? |
||||
User not known to the underlying authentication module for .* from <HOST> |
||||
refused connect from [[:print:]]+ \(<HOST>\) |
||||
Received disconnect from <HOST>: [0-9]*: [[:print:]]: Auth fail |
||||
Did not receive identification string from <HOST> |
||||
Invalid user [[:print:]]+ from <HOST> |
||||
Connection closed by <HOST> \[preauth\] |
||||
User [[:print:]]+ from <HOST> not allowed because not listed in AllowUsers |
||||
User [[:print:]]+ from <HOST> not allowed because listed in DenyUsers |
||||
User [[:print:]]+ from <HOST> not allowed because not in any group |
||||
User [[:print:]]+ from <HOST> not allowed because a group is listed in DenyGroups |
||||
User [[:print:]]+ from <HOST> not allowed because none of user's groups are listed in AllowGroups |
||||
Loading…
Reference in new issue