Fail2Ban and PCRE Script Using Zimbra’s Daily Mail Report
While Fail2Ban’s automation works great, we find that reviewing the “Recipient address rejected” section of Zimbra’s Daily Mail Report yields evidence of potential Advanced Persistent Threats as well as probes from senders whom you’d like to block. Manually grepping through /var/log/zimbra.log* on the logger host to find the sender’s IP …
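The manual grep described above, as an added example (not the post's own script): Python's `re` stands in for the PCRE script, which this excerpt does not show. The log lines are constructed and assume the standard Postfix `NOQUEUE: reject` layout; `summarize_rejects`, `candidates` and the `min_hits` threshold are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Standard Postfix smtpd reject layout (assumed; the page shows no sample line).
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f:.]+)\]: \d{3} \S+ "
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: (?P<reason>[^;]*);"
)

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE_LOG = """\
Mar  3 04:12:41 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 550 5.1.1 <admin@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<a@example.net> to=<admin@example.com> proto=ESMTP helo=<example.net>
Mar  3 04:12:43 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 550 5.1.1 <sales@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<a@example.net> to=<sales@example.com> proto=ESMTP helo=<example.net>
Mar  3 04:12:45 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 550 5.1.1 <Info@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<a@example.net> to=<Info@example.com> proto=ESMTP helo=<example.net>
Mar  3 04:13:02 mail postfix/smtpd[2104]: NOQUEUE: reject: RCPT from mx.example.org[198.51.100.7]: 550 5.1.1 <old.user@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<b@example.org> to=<old.user@example.com> proto=ESMTP helo=<mx.example.org>
Mar  3 04:13:05 mail postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.99]: 554 5.7.1 <x@other.example>: Relay access denied; from=<c@example.net> to=<x@other.example> proto=SMTP helo=<host>
Mar  3 04:13:10 mail postfix/smtpd[2105]: connect from mail.example.org[192.0.2.10]
"""


def summarize_rejects(lines):
    """Count 'Recipient address rejected' events per client IP and collect
    the distinct recipient addresses each IP tried."""
    hits = Counter()
    rcpts = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # other rejects (e.g. relay denied) and normal traffic
        ip = m.group("ip")
        hits[ip] += 1
        rcpts[ip].add(m.group("rcpt").lower())
    return hits, rcpts


def candidates(lines, min_hits=3):
    """Return (ip, reject_count, distinct_recipients) for review, busiest
    first. Many distinct recipients from one IP suggests address probing;
    a single reject is more likely a typo or a stale address."""
    hits, rcpts = summarize_rejects(lines)
    return [(ip, n, len(rcpts[ip]))
            for ip, n in hits.most_common() if n >= min_hits]


if __name__ == "__main__":
    for ip, n, distinct in candidates(SAMPLE_LOG.splitlines()):
        print(f"{ip}\t{n} rejects\t{distinct} distinct recipients")
```
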