I am looking into putting fail2ban on a mail server to help reduce the number of outbound spam attacks. Is there a way to set it up to notify me when a user exceeds a maximum number of authentications (successful or failed) in a given time frame? So far I can only find how to set it for failed attempts.
You can change the corresponding failregex so it matches successful and failed logins. Change

Code:
failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$

to

Code:
failregex = LOGIN , .*, ip=\[<HOST>\]$

In the next step change maxretry and maybe the action for the jail. After reloading the jail, fail2ban triggers on both login-types.

If you have problems with outbound spam, you should check your system instead of using f2b as a workaround.
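A way to check a candidate failregex and a maxretry/findtime pair against sample log lines before reloading the jail, as an added example that is not part of the thread. The Courier-style log lines are constructed, and the `ANY_LOGIN` pattern and the simplified `<HOST>` substitution are assumptions; matches are counted per source address, which is how fail2ban keys on `<HOST>`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4, optional ::ffff: prefix).
HOST = r"(?:::f{4}:)?(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

FAILED_ONLY = r"LOGIN FAILED, .*, ip=\[<HOST>\]$"     # failed-only pattern quoted in the thread
ANY_LOGIN = r"LOGIN(?: FAILED)?, .*, ip=\[<HOST>\]$"  # assumed variant: failed or successful

# Constructed sample lines in an assumed Courier-style format, in time order.
SAMPLE_LOG = """\
2024-01-01 09:00:00 imapd: LOGIN, user=carol, ip=[::ffff:203.0.113.5]
2024-01-01 10:00:00 imapd: LOGIN, user=alice, ip=[::ffff:192.0.2.10]
2024-01-01 10:00:05 imapd: LOGIN, user=alice, ip=[::ffff:192.0.2.10]
2024-01-01 10:00:10 imapd: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.7]
2024-01-01 10:00:15 imapd: LOGIN, user=alice, ip=[::ffff:192.0.2.10]
2024-01-01 10:00:20 imapd: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.7]
2024-01-01 10:00:25 imapd: LOGIN FAILED, user=alice, ip=[::ffff:192.0.2.10]
2024-01-01 10:00:30 imapd: LOGIN, user=alice, ip=[::ffff:192.0.2.10]
2024-01-01 10:00:35 imapd: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.7]
2024-01-01 10:30:00 imapd: LOGIN, user=carol, ip=[::ffff:203.0.113.5]
"""

def compile_failregex(failregex):
    """Expand the <HOST> tag the way a jail filter would, then compile."""
    return re.compile(failregex.replace("<HOST>", HOST))

def hosts_over_limit(log_text, failregex, maxretry, findtime):
    """Return hosts with at least maxretry matches inside findtime seconds."""
    pattern = compile_failregex(failregex)
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    flagged = set()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if not match:
            continue
        stamp = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        times = recent[match.group("host")]
        times.append(stamp)
        while stamp - times[0] > window:  # drop matches older than findtime
            times.popleft()
        if len(times) >= maxretry:
            flagged.add(match.group("host"))
    return sorted(flagged)

if __name__ == "__main__":
    print("any login, 5 in 600s:", hosts_over_limit(SAMPLE_LOG, ANY_LOGIN, 5, 600))
    print("failed only, 3 in 600s:", hosts_over_limit(SAMPLE_LOG, FAILED_ONLY, 3, 600))
```

On a real system, `fail2ban-regex` run against the actual log file and filter performs the pattern check with fail2ban's own `<HOST>` handling.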