From 0d08faeb3231bb60dc4099262afd18519c10b5ed Mon Sep 17 00:00:00 2001
From: Peter Bieringer
Date: Mon, 24 Jul 2023 07:33:12 +0200
Subject: [PATCH 1/3] add trigger for postfix/postscreen DNSBL rank message
---
 config/filter.d/postfix.conf | 4 ++++
 config/jail.conf | 10 ++++++++++
 2 files changed, 14 insertions(+)
diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf
index b374f472..7faec922 100644
--- a/config/filter.d/postfix.conf
+++ b/config/filter.d/postfix.conf
@@ -52,6 +52,10 @@ mdre-aggressive = %(mdre-auth2)s
 mdpr-errors = too many errors after \S+
 mdre-errors = ^from [^[]*\[\]%(_port)s$
+# Extra mode "screendnsbl", triggered on postfix/postscreen[]: DNSBL rank for []:
+mdpr-screendnsbl = DNSBL rank \d+
+mdre-screendnsbl = for \[\]%(_port)s
+
 failregex = >
diff --git a/config/jail.conf b/config/jail.conf
index 12cb03d2..e8b10da1 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -599,6 +599,16 @@ backend = %(postfix_backend)s
 maxretry = 1
+[postfix-screendnbl]
+
+filter = postfix[mode=screendnsbl]
+port = smtp,465,submission
+logpath = %(postfix_log)s
+backend = %(postfix_backend)s
+maxretry = 1
+bantime = 4h
+
+
 [sendmail-auth]
 port = submission,465,smtp
From f57844e291590d179c13270a65dc22723b15d055 Mon Sep 17 00:00:00 2001
From: Peter Bieringer
Date: Mon, 24 Jul 2023 07:44:38 +0200
Subject: [PATCH 2/3] add logline
---
 fail2ban/tests/files/logs/postfix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/fail2ban/tests/files/logs/postfix b/fail2ban/tests/files/logs/postfix
index d1e534e3..87862b29 100644
--- a/fail2ban/tests/files/logs/postfix
+++ b/fail2ban/tests/files/logs/postfix
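Review bot: `mdre-screendnsbl` has no end anchor, while `mdre-errors` on the context line just above it ends in `$`; patch 3/3 later adds the leading `^` to the same line but still leaves the tail open. Closing it as `mdre-screendnsbl = ^for \[<HOST>\]%(_port)s$` ties the match to the whole postscreen message (the `<HOST>` tag appears to have been stripped from the regexes as rendered on this page, so the quoted line restores it). The new mode should presumably also be listed wherever the filter documents its accepted `mode` values, which is outside this hunk.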
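Review bot: The jail header `[postfix-screendnbl]` is missing an `s` compared with the filter mode `screendnsbl` it selects two lines below, and none of the three patches corrects it; it should read `[postfix-screendnsbl]`. An operator who enables the jail under the mode's spelling in a local override would not pick up this section. With `maxretry = 1` and `bantime = 4h` a single DNSBL rank line is enough for a four-hour ban, so a comment above the section such as `# bans on the first postscreen DNSBL rank line; only as accurate as the DNSBL sites postscreen is configured with` would help anyone investigating a false-positive ban.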
@@ -178,3 +178,12 @@ Jun 8 23:14:54 proxy2 postfix/postscreen[473]: COMMAND COUNT LIMIT from [192.0.
 # filterOptions: [{}, {"mode": "ddos"}, {"mode": "aggressive"}]
 # failJSON: { "match": false, "desc": "don't affect lawful data (sporadical connection aborts within DATA-phase, see gh-1813 for discussion)" }
 Feb 18 09:50:05 xxx postfix/smtpd[42]: lost connection after DATA from good-host.example.com[192.0.2.10]
+
+
+# ---------------------------------------
+# Test-cases of postfix screendnsbl mode:
+# ---------------------------------------
+
+# filterOptions: [{"mode": "screendnsbl"}]
+# failJSON: { "time": "2023-07-01T03:55:34", "match": true , "host": "192.0.2.30" }
+Jul 1 03:55:34 xxx postfix/postscreen[188902]: DNSBL rank 6 for [192.0.2.30]:52340
From ee789c29eaad753b4f7308d959622644f89d1714 Mon Sep 17 00:00:00 2001
From: Peter Bieringer
Date: Tue, 16 Jan 2024 22:35:27 +0100
Subject: [PATCH 3/3] fix as requested
---
 config/filter.d/postfix.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf
index 7faec922..fd71c463 100644
--- a/config/filter.d/postfix.conf
+++ b/config/filter.d/postfix.conf
@@ -54,7 +54,7 @@ mdre-errors = ^from [^[]*\[\]%(_port)s$
 # Extra mode "screendnsbl", triggered on postfix/postscreen[]: DNSBL rank for []:
 mdpr-screendnsbl = DNSBL rank \d+
-mdre-screendnsbl = for \[\]%(_port)s
+mdre-screendnsbl = ^for \[\]%(_port)s
 failregex = >
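Review bot: The new test block contains only a positive case, so nothing pins down what `screendnsbl` mode must ignore. A negative entry under the same `filterOptions` would cover that, for example a non-DNSBL postscreen message like the `COMMAND COUNT LIMIT` line visible in the hunk header, introduced by `# failJSON: { "match": false, "desc": "other postscreen messages are not matched in screendnsbl mode" }`. Since patch 3/3 anchors the regex with `^`, a second non-matching line in which `for [` appears later in the message rather than directly after the rank would keep that anchor from regressing.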