Edit file File name : sendmail-auth.conf Content :# Fail2Ban filter for sendmail authentication failures # [INCLUDES] before = common.conf [Definition] _daemon = (?:sendmail|sm-(?:mta|acceptingconnections)) __prefix_line = %(known/__prefix_line)s(?:\w{14,20}: )? # "w{14,20}" will give support for IDs from 14 up to 20 characters long failregex = ^%(__prefix_line)s(\S+ )?\[(?:IPv6:<IP6>|<IP4>)\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$ ignoreregex = journalmatch = _SYSTEMD_UNIT=sendmail.service # DEV Notes: # # Author: Daniel Black Save