Archive for June, 2011

Handy script to parse Postfix maillogs for failed login IP addresses

June 2, 2011

You can use the script below to parse your maillog (mail.log on Debian-based distros) for failed login attempts and place the results in your hosts.deny file or your iptables config. The script strips leading zeros from the IP addresses and filters out the [brackets] around them. You can change the grep filter phrase to your liking.

grep "failed" /var/log/maillog | grep -Eo "([0-9]{1,3}\.){3}[0-9]{1,3}" | sed 's/^[0]*//' | sort -u
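The same pipeline extended into a small script, as an added example that is not part of the original post: it goes beyond the one-liner by counting failures per address and only reporting clients at or above a threshold, then prints them as hosts.deny entries. The function names, the threshold default and the log lines (documentation-range addresses) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post.
# The log lines below are constructed sample data.
sample_log() {
cat <<'EOF'
Jun  2 10:15:01 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jun  2 10:15:04 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jun  2 10:15:09 mail postfix/smtpd[1236]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Jun  2 10:16:11 mail postfix/smtpd[1240]: warning: host.example[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Jun  2 10:17:30 mail postfix/smtpd[1241]: connect from unknown[192.0.2.9]
Jun  2 10:18:02 mail postfix/smtpd[1250]: warning: host.example[198.51.100.07]: SASL LOGIN authentication failed: authentication failure
EOF
}

# Read a Postfix log on stdin and print "count ip" for every client with at
# least $1 (default 3) failed SASL logins.
# Steps: keep only failed-auth lines; take the address from the name[ip]
# form Postfix logs, so the smtpd[pid] field is never matched; drop the
# brackets; reject octets above 255 and normalise leading zeros (07 -> 7);
# count occurrences; apply the threshold.
failed_login_ips() {
    threshold="${1:-3}"
    grep 'SASL [A-Z0-9-]* authentication failed' |
    grep -Eo '\[([0-9]{1,3}\.){3}[0-9]{1,3}\]' |
    tr -d '[]' |
    awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255 {
        printf "%d.%d.%d.%d\n", $1, $2, $3, $4 }' |
    sort | uniq -c |
    awk -v t="$threshold" '$1 >= t { print $1, $2 }'
}

# Same input, printed in hosts.deny syntax.
hosts_deny_lines() {
    failed_login_ips "$1" | awk '{ print "ALL: " $2 }'
}

sample_log | hosts_deny_lines 3
```

Review the output before appending it to hosts.deny: a low threshold will also catch legitimate users who mistyped a password.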

Categories: sysadmin