From 2d7429c47cfef27f89818e665c6b7634d9f6d140 Mon Sep 17 00:00:00 2001 From: Lee Clemens Date: Tue, 30 Dec 2014 18:05:19 -0500 Subject: [PATCH 1/2] Add 'Client host rejected error message' regex Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname" --- ChangeLog | 1 + config/filter.d/postfix.conf | 1 + fail2ban/tests/files/logs/postfix | 3 +++ 3 files changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index c80dac5a..162071e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released * filters.d/exim.conf - cover different settings of exim logs details. Thanks bes.internal * filter.d/postfix-sasl.conf - failregex is now case insensitive + * filters.d/postfix.conf - add 'Client host rejected error message' failregex - New Features: - New interpolation feature for config readers - `%(known/parameter)s`. diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf index a7a05e47..a994d772 100644 --- a/config/filter.d/postfix.conf +++ b/config/filter.d/postfix.conf @@ -13,6 +13,7 @@ before = common.conf _daemon = postfix/(submission/)?smtp(d|s) failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 554 5\.7\.1 .*$ + ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$ ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[\]: 550 5\.1\.1 .*$ ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[\]:?$ diff --git a/fail2ban/tests/files/logs/postfix b/fail2ban/tests/files/logs/postfix index ccf2f8bc..fff25bb9 100644 --- a/fail2ban/tests/files/logs/postfix +++ b/fail2ban/tests/files/logs/postfix 
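Review bot: The failregex added to config/filter.d/postfix.conf bans on a `450 4.7.1` temporary rejection, which Postfix issues when it cannot resolve the client's hostname, including when the lookup fails transiently on the mail server's own resolver. During a resolver outage, every connecting client would log this line and could be banned, so the rule deserves a caveat above `failregex`, for example `# the 450 4.7.1 "cannot find your hostname" rule also matches legitimate senders whose reverse DNS lookup fails temporarily`, and probably a higher `maxretry` in the jail that uses it. The pattern also hard-codes `proto=ESMTP`, so the same rejection for a client that greeted with HELO (logged as `proto=SMTP`) is not matched; `proto=E?SMTP` covers both. The host capture between `\[` and `\]` appears empty in this rendering, both here and on the neighbouring context lines, which looks like lost markup rather than something the commit changed.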
@@ -20,3 +20,6 @@ Dec 25 02:35:54 platypus postfix/smtpd[9144]: improper command pipelining after
 
 # failJSON: { "time": "2004-12-18T02:05:46", "match": true , "host": "216.245.198.245" }
 Dec 18 02:05:46 platypus postfix/smtpd[16349]: improper command pipelining after NOOP from unknown[216.245.198.245]
+
+# failJSON: { "time": "2014-12-21T21:17:29", "match": true , "host": "93.184.216.34" }
+Dec 21 21:17:29 xxx postfix/smtpd[7150]: NOQUEUE: reject: RCPT from badserver.example.com[93.184.216.34]: 450 4.7.1 Client host rejected: cannot find your hostname, [93.184.216.34]; from= to= proto=ESMTP helo=
From e6ffa2e4a19dbab4782d39cb066d5d1f196ab811 Mon Sep 17 00:00:00 2001
From: Lee Clemens
Date: Tue, 30 Dec 2014 18:10:19 -0500
Subject: [PATCH 2/2] Update year in postfix logs test file

---
 fail2ban/tests/files/logs/postfix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fail2ban/tests/files/logs/postfix b/fail2ban/tests/files/logs/postfix
index fff25bb9..ee8720f8 100644
--- a/fail2ban/tests/files/logs/postfix
+++ b/fail2ban/tests/files/logs/postfix
@@ -21,5 +21,5 @@ Dec 25 02:35:54 platypus postfix/smtpd[9144]: improper command pipelining after
 # failJSON: { "time": "2004-12-18T02:05:46", "match": true , "host": "216.245.198.245" }
 Dec 18 02:05:46 platypus postfix/smtpd[16349]: improper command pipelining after NOOP from unknown[216.245.198.245]
 
-# failJSON: { "time": "2014-12-21T21:17:29", "match": true , "host": "93.184.216.34" }
+# failJSON: { "time": "2004-12-21T21:17:29", "match": true , "host": "93.184.216.34" }
 Dec 21 21:17:29 xxx postfix/smtpd[7150]: NOQUEUE: reject: RCPT from badserver.example.com[93.184.216.34]: 450 4.7.1 Client host rejected: cannot find your hostname, [93.184.216.34]; from= to= proto=ESMTP helo=
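Review bot: The sample added to fail2ban/tests/files/logs/postfix in [PATCH 1/2] names the client as `badserver.example.com[93.184.216.34]`, but this rejection is issued when Postfix could not establish the client's hostname, and as far as I know it then logs the client as `unknown[address]`. A second sample in that form, with its own `# failJSON` line, would show that the pattern matches what production logs contain. A `"match": false` sample for a neighbouring temporary rejection would also confirm that the new rule does not match more than intended.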