<li><ahref="#optional-update-one-fail2ban-filter-regular-expressio-to-help-catch-dos-attacks-to-smtp-service">[OPTIONAL] Update one Fail2ban filter regular expressio to help catch DoS attacks to SMTP service</a></li>
<h3id="optional-update-one-fail2ban-filter-regular-expressio-to-help-catch-dos-attacks-to-smtp-service">[OPTIONAL] Update one Fail2ban filter regular expressio to help catch DoS attacks to SMTP service</h3>
<ol>
<li>Open file <code>/etc/fail2ban/filters.d/postfix.iredmail.conf</code> or
<code>/usr/local/etc/fail2ban/filters.d/postfix.iredmail.conf</code> (on FreeBSD), find
below line under <code>[Definition]</code> section:</li>
</ol>
<pre><code> lost connection after AUTH from (.*)\[<HOST>\]
</code></pre>
<p>Update above line to below one:</p>
<pre><code> lost connection after (AUTH|UNKNOWN|EHLO) from (.*)\[<HOST>\]
</code></pre>
<p>Restarting Fail2ban service is required.</p><pstyle="text-align: center; color: grey;">Document published under a <ahref="http://creativecommons.org/licenses/by-nd/3.0/us/"target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <ahref="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>