From fb5a722d368efe19c4941a68a9c08d5a64a2b118 Mon Sep 17 00:00:00 2001
From: Oliver Ladner <waste@lugh.ch>
Date: Sun, 4 Sep 2011 12:07:25 +0200
Subject: [PATCH] initial upload

---
 README             |  6 ++++++
 lighttpd-auth.conf | 23 +++++++++++++++++++++++
 tumgreyspf.conf    | 24 ++++++++++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 README
 create mode 100644 lighttpd-auth.conf
 create mode 100644 tumgreyspf.conf

diff --git a/README b/README
new file mode 100644
index 0000000..49826de
--- /dev/null
+++ b/README
@@ -0,0 +1,6 @@
+These filters will match various actions considered harmful or annoying like:
+
+tumgreyspf:	- clients with probing address [...]justsendingthisleter
+		- clients which aren't allowed by SPF records
+
+lighttpd-auth:	- digest auth tries with wrong password	
diff --git a/lighttpd-auth.conf b/lighttpd-auth.conf
new file mode 100644
index 0000000..64a8a4b
--- /dev/null
+++ b/lighttpd-auth.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 728 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = digest: auth failed for  .* : wrong password, IP: <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
diff --git a/tumgreyspf.conf b/tumgreyspf.conf
new file mode 100644
index 0000000..0921cdb
--- /dev/null
+++ b/tumgreyspf.conf
@@ -0,0 +1,24 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 728 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = domain owner discourages use of this host.*client-ip=<HOST>.*receiver=.*sendingthisleter@.*
+            SPF fail - not authorized': QUEUE_ID=""; identity=mailfrom; client-ip=<HOST>;
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =