initial upload

README

@@ -0,0 +1,6 @@
+These filters will match various actions considered harmful or annoying like:
+
+tumgreyspf:	- clients with probing address [...]justsendingthisleter
+		- clients which aren't allowed by SPF records
+
+lighttpd-auth:	- digest auth tries with wrong password	

lighttpd-auth.conf

@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 728 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = digest: auth failed for  .* : wrong password, IP: <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 

tumgreyspf.conf

@@ -0,0 +1,24 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 728 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = domain owner discourages use of this host.*client-ip=<HOST>.*receiver=.*sendingthisleter@.*
+            SPF fail - not authorized': QUEUE_ID=""; identity=mailfrom; client-ip=<HOST>;
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =