diff --git a/ChangeLog b/ChangeLog index ba35b7df..c53989f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,10 +22,12 @@ TODO: implementing of options resp. other tasks from PR #1346 (by using tag `` instead of buffering with `maxlines`); - optional parameter `mode` rewritten: normal (default), ddos, extra or aggressive (combines all), see sshd for regex details) -* filter.d/sendmail-reject.conf: +* `filter.d/sendmail-reject.conf`: - rewritten using `prefregex` and used MLFID-related multi-line parsing; - optional parameter `mode` introduced: normal (default), extra or aggressive -* filter.d/haproxy-http-auth: do not mistake client port for part of an IPv6 address (gh-1745) +* `filter.d/haproxy-http-auth`: do not mistake client port for part of an IPv6 address (gh-1745) +* `filter.d/postfix-sasl.conf` + - updated to latest postfix formats * `action.d/complain.conf` - fixed using new tag `` (sh/dash compliant now) * `action.d/sendmail-geoip-lines.conf` diff --git a/THANKS b/THANKS index 8cc8f7bd..7861ceb5 100644 --- a/THANKS +++ b/THANKS @@ -61,6 +61,7 @@ John Thoe Jacques Lav!gnotte Johannes Weberhofer Jason H Martin +Jeaye Wilkerson Jisoo Park Joel M Snyder Jonathan Kamens diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf index 005ed585..1cf54f14 100644 --- a/config/filter.d/postfix.conf +++ b/config/filter.d/postfix.conf 
@@ -15,12 +15,12 @@ _daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds] prefregex = ^%(__prefix_line)s(?:NOQUEUE: reject:|improper command pipelining) .+$ failregex = ^RCPT from \S+\[\]: 554 5\.7\.1 - ^RCPT from \S+\[\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ - ^RCPT from \S+\[\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$ - ^EHLO from \S+\[\]: 504 5\.5\.2 <\S+>: Helo command rejected: need fully-qualified hostname; + ^RCPT from \S+\[\]: 450 4\.7\.1 Client host rejected: cannot find your (reverse )?hostname\b + ^RCPT from \S+\[\]: 450 4\.7\.1 (<[^>]*>)?: Helo command rejected: Host not found\b + ^EHLO from \S+\[\]: 504 5\.5\.2 (<[^>]*>)?: Helo command rejected: need fully-qualified hostname\b ^VRFY from \S+\[\]: 550 5\.1\.1 - ^RCPT from \S+\[\]: 450 4\.1\.8 <\S*>: Sender address rejected: Domain not found; from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ - ^after \S+ from [^[]*\[\]:?$ + ^RCPT from \S+\[\]: 450 4\.1\.8 (<[^>]*>)?: Sender address rejected: Domain not found\b + ^after \S+ from [^[]*\[\]:? ignoreregex = diff --git a/fail2ban/tests/files/logs/postfix b/fail2ban/tests/files/logs/postfix index 78f72287..c38ba311 100644 --- a/fail2ban/tests/files/logs/postfix +++ b/fail2ban/tests/files/logs/postfix 
@@ -35,3 +35,12 @@ Jan 31 13:55:24 xxx postfix-incoming/smtpd[3462]: NOQUEUE: reject: EHLO from s27 # failJSON: { "time": "2005-04-12T02:24:11", "match": true , "host": "62.138.2.143" } Apr 12 02:24:11 xxx postfix/smtps/smtpd[42]: NOQUEUE: reject: EHLO from astra4139.startdedicated.de[62.138.2.143]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; proto=SMTP helo= + +# failJSON: { "time": "2005-06-12T08:58:35", "match": true , "host": "1.2.3.4" } +Jun 12 08:58:35 xxx postfix/smtpd[27296]: NOQUEUE: reject: RCPT from unknown[1.2.3.4]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2.3.4.5]; from= to= proto=ESMTP helo= + +# failJSON: { "time": "2005-06-12T08:58:35", "match": true , "host": "1.2.3.4" } +Jun 12 08:58:35 xxx postfix/smtpd[2931]: NOQUEUE: reject: RCPT from unknown[1.2.3.4]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=SMTP helo= + +# failJSON: { "time": "2005-06-12T08:58:35", "match": true , "host": "1.2.3.4" } +Jun 12 08:58:35 xxx postfix/smtpd[13533]: improper command pipelining after AUTH from unknown[1.2.3.4]: QUIT
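Review bot: The new ChangeLog entry names `filter.d/postfix-sasl.conf`, but the filter changed in this patch is `config/filter.d/postfix.conf`; no change to postfix-sasl.conf is visible here. Rename the entry to `filter.d/postfix.conf`, and since the regexes were loosened rather than only reworded, say so in the text (optional `reverse ` and `<...>` prefix, end-of-line anchors dropped) so that people reading the release notes know the matching got broader.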
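Review bot: In the config/filter.d/postfix.conf hunk, the last failregex `^after \S+ from [^[]*\[\]:?` lost its `$` without gaining `\b` or any other terminator, so the trailing `:?` is now a no-op: an optional final token with nothing after it matches whether or not the colon is there. Either drop `:?`, or keep an explicit tail such as `:?(?: \S+)?$` if the only goal is to admit a trailing command like the `: QUIT` in the new test line. The new optional groups `(reverse )?` and `(<[^>]*>)?` can also be written non-capturing, `(?:...)?`, as `_daemon` in the same file already does.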
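Review bot: The three log lines added to fail2ban/tests/files/logs/postfix cover the `reverse hostname`, `Host not found` and `improper command pipelining` cases, but none of them exercises the relaxed `450 4\.1\.8 ... Sender address rejected: Domain not found\b` pattern, and every added case is `"match": true`. Add a 4.1.8 sample, and because the end-of-line anchors were removed from the filter, add at least one `"match": false` line showing input that the looser patterns must still reject.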