ConfigServer Community Forum

Hi Members,

Can someone help me to track down and block following behavior with custom regex?:

=================================
2015-10-25 12:47:50 H=(115-87-13-177.skybandalarga.com.br) [177.13.87.115]:21944 F=<fakeuser@domainname> rejected RCPT <fakeuser@domainname>: Sender verify failed
2015-10-25 12:47:51 H=(dynamic.vdc.vn) [113.162.223.170]:59451 sender verify fail for <fakeuser@domainname>:
2015-10-25 12:47:51 H=(dynamic.vdc.vn) [113.162.223.170]:59451 F=<fakeuser@domainname> rejected RCPT <fakeuser@domainname>: Sender verify failed
2015-10-25 12:47:53 H=([188.55.207.228]) [188.55.207.228]:29827 sender verify fail for <fakeuser@domainname>:
2015-10-25 12:47:53 H=([188.55.207.228]) [188.55.207.228]:29827 F=<fakeuser@domainname> rejected RCPT <fakeuser@domainname>: Sender verify failed
2015-10-25 12:47:56 H=177-66-137-33.clonix.srv.br [177.66.137.33]:10000 sender verify fail for <fakeuser@domainname>:
2015-10-25 12:47:56 H=177-66-137-33.clonix.srv.br [177.66.137.33]:10000 F=<fakeuser@domainname> rejected RCPT <fakeuser@domainname>: Sender verify failed
=================================

Here you go! https://regex101.com/r/uQ6wY0/2

thanks much appreciated. If you can create CSF rule for me I would be very grateful.

Here you go: It will block anyone with more than 5 matches for 1 day.

thank you marcele. you have been a wonderful help.