diff --git a/ChangeLog b/ChangeLog index c80dac5a..162071e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released * filters.d/exim.conf - cover different settings of exim logs details. Thanks bes.internal * filter.d/postfix-sasl.conf - failregex is now case insensitive + * filters.d/postfix.conf - add 'Client host rejected error message' failregex - New Features: - New interpolation feature for config readers - `%(known/parameter)s`. diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf index a7a05e47..a994d772 100644 --- a/config/filter.d/postfix.conf +++ b/config/filter.d/postfix.conf @@ -13,6 +13,7 @@ before = common.conf _daemon = postfix/(submission/)?smtp(d|s) failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 554 5\.7\.1 .*$ + ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$ ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[\]: 550 5\.1\.1 .*$ ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[\]:?$ diff --git a/fail2ban/tests/files/logs/postfix b/fail2ban/tests/files/logs/postfix index ccf2f8bc..ee8720f8 100644 --- a/fail2ban/tests/files/logs/postfix +++ b/fail2ban/tests/files/logs/postfix @@ -20,3 +20,6 @@ Dec 25 02:35:54 platypus postfix/smtpd[9144]: improper command pipelining after # failJSON: { "time": "2004-12-18T02:05:46", "match": true , "host": "216.245.198.245" } Dec 18 02:05:46 platypus postfix/smtpd[16349]: improper command pipelining after NOOP from unknown[216.245.198.245] + +# failJSON: { "time": "2004-12-21T21:17:29", "match": true , "host": "93.184.216.34" } +Dec 21 21:17:29 xxx postfix/smtpd[7150]: NOQUEUE: reject: RCPT from badserver.example.com[93.184.216.34]: 450 4.7.1 Client host rejected: cannot find your hostname, [93.184.216.34]; from= to= proto=ESMTP helo=