author | Alberto Bertogli
<albertito@blitiri.com.ar> 2025-10-12 10:49:35 UTC |
committer | Alberto Bertogli
<albertito@blitiri.com.ar> 2025-10-12 10:49:35 UTC |
parent | 45bc70ee334037319f0afd0ce454bffd944e5dba |
etc/fail2ban/filter.d/chasquid.conf | +17 | -2 |
diff --git a/etc/fail2ban/filter.d/chasquid.conf b/etc/fail2ban/filter.d/chasquid.conf
index b5c6e2e..898a72e 100644
--- a/etc/fail2ban/filter.d/chasquid.conf
+++ b/etc/fail2ban/filter.d/chasquid.conf
@@ -3,8 +3,23 @@ before = common.conf
 [Definition]
-# Identify addresses that triggered an SMTP connection error.
-failregex = SMTP.Conn <ADDR>:\d+: error:
+# Identify addresses that triggered an SMTP error.
+# Specifically, filter for errors that are likely to be caused by deliberate
+# actions.
+# - AUTH failed (e.g. auth over plaintext, or bad password)
+# - MAIL failed (e.g. SPF check failed)
+# - RCPT failed (e.g. relay not allowed)
+# - DATA failed (e.g. malformed transaction)
+# - Unknown command (e.g. cross-protocol shenanigans)
+# - too many errors, breaking connection
+# - http command, closing connection
+#
+# This list excludes connection issues (e.g. TCP or TLS), security level
+# checks, or other unusual errors that aren't typically problematic.
+failregex = SMTP.Conn <ADDR>:\d+: error:.*((AUTH|MAIL|RCPT|DATA) failed|Unknown command|too many errors|http command)
+
+# To catch _all_ connection errors, you can use this instead:
+# failregex = SMTP.Conn <ADDR>:\d+: error:
 [Init]
 journalmatch = _SYSTEMD_UNIT=chasquid.service
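Review bot: The new `failregex` has no start anchor, and its `error:.*(...)` tail accepts the keywords anywhere after `error:`, so the banned host is whichever `<ADDR>` the first matching substring of the line yields. Whether chasquid ever logs client-supplied text in a line that could contain such a substring is not visible from this hunk, but anchoring removes the question. Consider starting the pattern with `^` plus whatever prefix the journal lines really carry (possibly `%(__prefix_line)s` from `common.conf`), escaping the dot as `SMTP\.Conn`, and confirming the result with `fail2ban-regex` against real log lines. The commented-out catch-all alternative has the same shape. A comment beside the `MAIL failed` and `RCPT failed` entries would also help, along the lines of `# SPF/relay rejections can come from legitimate forwarders; size maxretry/findtime in the jail accordingly`.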