github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Add support for TLS SMTP connections.

pull/3268/head
Logic-32 2022-04-27 12:45:23 -06:00 committed by sebres
parent 6fb89d1709
commit 419e380870
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -21,6 +21,7 @@ ver. 1.0.3-dev-1 (20??/??/??) - development nightly edition
if available for platform and uses DNS to find local IPv6 as a fallback only if available for platform and uses DNS to find local IPv6 as a fallback only
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132) * improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
* `action.d/mikrotik.conf` - new action for mikrotik routerOS, adds and removes entries from address lists on the router (gh-2860) * `action.d/mikrotik.conf` - new action for mikrotik routerOS, adds and removes entries from address lists on the router (gh-2860)
* `action.d/smtp.py` - added optional support for TLS connections via the `ssl` arg.
* `filter.d/exim.conf` - fixed "dropped: too many ..." regex, also matching unrecognized commands now (gh-3502) * `filter.d/exim.conf` - fixed "dropped: too many ..." regex, also matching unrecognized commands now (gh-3502)
* `filter.d/nginx-forbidden.conf` - new filter to ban forbidden locations, e. g. using `deny` directive (gh-2226) * `filter.d/nginx-forbidden.conf` - new filter to ban forbidden locations, e. g. using `deny` directive (gh-2226)
* `filter.d/sshd.conf`: * `filter.d/sshd.conf`:

17
config/action.d/smtp.py
View File

@ -75,7 +75,7 @@ class SMTPAction(ActionBase):
""" """
def __init__( def __init__(
self, jail, name, host="localhost", user=None, password=None, self, jail, name, host="localhost", ssl=False, user=None, password=None,
sendername="Fail2Ban", sender="fail2ban", dest="root", matches=None): sendername="Fail2Ban", sender="fail2ban", dest="root", matches=None):
"""Initialise action. """Initialise action.
@ -88,6 +88,8 @@ class SMTPAction(ActionBase):
host : str, optional host : str, optional
SMTP host, of host:port format. Default host "localhost" and SMTP host, of host:port format. Default host "localhost" and
port "25" port "25"
ssl : bool, optional
Whether to use TLS for the SMTP connection or not. Default False.
user : str, optional user : str, optional
Username used for authentication with SMTP server. Username used for authentication with SMTP server.
password : str, optional password : str, optional
@ -109,7 +111,7 @@ class SMTPAction(ActionBase):
super(SMTPAction, self).__init__(jail, name) super(SMTPAction, self).__init__(jail, name)
self.host = host self.host = host
#TODO: self.ssl = ssl self.ssl = ssl
self.user = user self.user = user
self.password =password self.password =password
@ -155,10 +157,19 @@ class SMTPAction(ActionBase):
msg['To'] = self.toaddr msg['To'] = self.toaddr
msg['Date'] = formatdate() msg['Date'] = formatdate()
smtp = smtplib.SMTP() smtp = smtplib.SMTP(self.host)
try: try:
self._logSys.debug("Connected to SMTP '%s', response: %i: %s", self._logSys.debug("Connected to SMTP '%s', response: %i: %s",
self.host, *smtp.connect(self.host)) self.host, *smtp.connect(self.host))
if self.ssl: # pragma: no cover
tls_result = smtp.starttls()[0];
if tls_result != 220: # pragma: no cover
self._logSys.error(
"Failed to starttls() on '%s' for user '%s': %s",
self.host, self.user, tls_result)
raise Exception("Failed to starttls()")
if self.user and self.password: # pragma: no cover (ATM no tests covering that) if self.user and self.password: # pragma: no cover (ATM no tests covering that)
smtp.login(self.user, self.password) smtp.login(self.user, self.password)
failed_recipients = smtp.sendmail( failed_recipients = smtp.sendmail(