Search found 10 matches

by ocahui
07 Oct 2019, 23:57
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 1146

Re: regex.custom.pm stopped working

Through the combination of strategic countries, ASN, and netblocks, I've reduced spam, email account attempts, and log size by 96%. I have similar results using CC_DENY plus blocklists SPAMDROP SPAMEDROP BDE BDEALL FULLBOGON (all run by IPset) Only a few ports are open on my server, the SSH port no...
by ocahui
07 Oct 2019, 22:02
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 1146

Re: regex.custom.pm stopped working

What is the syntax of your port declaration? Presently: { return ("SMTP error 3",$1,"exim_main_error3","1","25","14400");} Have also used: { return ("SMTP error 3",$1,"exim_main_error3","1",$3,"14400");} And: { return ("SMTP error 3",$1,"exim_main_error3","1",,"14400");} All are treated identically...
by ocahui
07 Oct 2019, 18:51
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 1146

Re: regex.custom.pm stopped working

There are two categories of blocks: temporary and permanent (and permanent permanent). Your config will determine which are used and how. Be sure to read: ...... Temp blocks are stored in /var/lib/csf . Don't mess with these files. Permanent blocks are stored in deny.txt to the limit of DENY_IP_LIM...
by ocahui
04 Oct 2019, 22:44
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 1146

Re: regex.custom.pm stopped working

I tested the changed regex file by catenating a line to the watched log. Sure enough, an entry was logged in lfd.log of the form: (myftpmatch) expected info [LF_CUSTOMTRIGGER] As a result, I am pretty sure it is now working. However, I have some more question related to this topic. Question 1: When ...
by ocahui
03 Oct 2019, 20:06
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 1146

Re: regex.custom.pm stopped working

Suggestions: Verify that the log format or log message your rules are searching for have not changed. You nailed it! The lines I am searching begin with date/time. The logging application apparently added ms to the time. From: 2018-02-18 04:01:33 To: 2019-09-30 04:13:56.188 Just added " \.\d{3} " i...
by ocahui
03 Oct 2019, 19:44
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 1146

Re: regex.custom.pm stopped working

Never mind. I see I need to use -P. option There does appear to be some issue with the main pattern that was working previously.
by ocahui
03 Oct 2019, 19:23
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 1146

Re: regex.custom.pm stopped working

Could you post a (very brief) example of a grep command to test my regex expression against one of my files? Or a pointer to somewhere that does? I have only used grep for trivial searching whole folders for brief phrases, etc. My regex uses PCRE syntax with various shortcuts, and tests whole line /...
by ocahui
02 Oct 2019, 22:43
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 1146

regex.custom.pm stopped working

I started using regex.custom.pm several years ago, with great success. However, for reasons unknown, it stopped working over a year ago. The regex.custom.pm didn't change. There have been changes to csf.conf, including automatic update changes. However, I have a copy of the conf file saved some mont...
by ocahui
09 May 2016, 00:42
Forum: Suggestions (csf)
Topic: Alert message on custom regex blocks
Replies: 0
Views: 1708

Alert message on custom regex blocks

csf 8.23 (generic) This is a request for a little more detail in emailed alerts on custom regex blocks. In particular, the TTL of the block is an important fact left out of the email. It would also be helpful if the email contained a list of relevant csf.conf settings that resulted in that block. (F...
by ocahui
03 May 2016, 00:11
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 56
Views: 64683

Re: Custom REGEX rules for CSF.

This rule is working on a CENTOS7 server running csf with ipset+iptables, and exim MTA. This server is managed primarily with Webmin, bash terminal using an SSH tunnel, and Filezilla SFTP. The problem this rule addresses is remote hosts that attempt SMTP AUTH, despite not having AUTH advertised in r...