Block "authentication required" attempts?

ken_hk · Post by **ken_hk** » 03 Jun 2010, 06:46

Hi,

Recently I checked the exim log and found many failed email relaying attempts from one ip:

2010-06-02 10:22:12 H=(someehlo) [someip] F=<someemail> rejected RCPT <someemail2>: authentication required

It seems that csf is not detecting these. Is it possible to block these also?

Server is using csf v5.08 and DirectAdmin v1.34.1

Thank you.

Post by **chirpy** » 14 Jun 2010, 14:58

That isn't a log line format the regex.pm is configured to detect. You'd need to use a custom entry in regex.custom.pm if you want to detect that.