github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: add improper command pipelining postfix filter

pull/582/head
Daniel Black 2014-01-13 06:59:59 +11:00
parent 5deb1f8ddc
commit 6b0e6b9bca
3 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -54,6 +54,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
...: Auth fail". Thanks Marcel Dopita. Closes gh-289 ...: Auth fail". Thanks Marcel Dopita. Closes gh-289
- Added filter.d/ejabberd-auth - Added filter.d/ejabberd-auth
- Improved ACL-handling for Asterisk - Improved ACL-handling for Asterisk
- loglines now also report "[PID]" after the name portion
- Added improper command pipelining to postfix filter.
- New Features: - New Features:
@ -65,9 +67,6 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
- Added filter for freeswitch. Thanks Jim and editors and authors of - Added filter for freeswitch. Thanks Jim and editors and authors of
http://wiki.freeswitch.org/wiki/Fail2ban http://wiki.freeswitch.org/wiki/Fail2ban
- Enhancements:
- loglines now also report "[PID]" after the name portion
ver. 0.8.11 (2013/11/13) - loves-unittests-and-tight-DoS-free-filter-regexes ver. 0.8.11 (2013/11/13) - loves-unittests-and-tight-DoS-free-filter-regexes
----------- -----------

1
config/filter.d/postfix.conf
View File

@ -15,6 +15,7 @@ _daemon = postfix/smtpd
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$ failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$ ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
ignoreregex = ignoreregex =

10
testcases/files/logs/postfix
View File

@ -10,3 +10,13 @@ Jul 18 23:12:56 xxx postfix/smtpd[8738]: NOQUEUE: reject: RCPT from foo[192.51.1
Jul 18 23:12:56 xxx postfix/smtpd[8738]: NOQUEUE: reject: RCPT from foo[192.51.100.43]: 554 5.7.1 <foo@bad.domain>: Sender address rejected: match bad.domain; from=<foo@bad.domain> to=<foo@porcupine.org> proto=SMTP helo=<192.51.100.43> Jul 18 23:12:56 xxx postfix/smtpd[8738]: NOQUEUE: reject: RCPT from foo[192.51.100.43]: 554 5.7.1 <foo@bad.domain>: Sender address rejected: match bad.domain; from=<foo@bad.domain> to=<foo@porcupine.org> proto=SMTP helo=<192.51.100.43>
# failJSON: { "time": "2005-08-10T10:55:38", "match": true , "host": "72.53.132.234" } # failJSON: { "time": "2005-08-10T10:55:38", "match": true , "host": "72.53.132.234" }
Aug 10 10:55:38 f-vanier-bourgeois postfix/smtpd[2162]: NOQUEUE: reject: VRFY from 72-53-132-234.cpe.distributel.net[72.53.132.234]: 550 5.1.1 : Recipient address rejected: User unknown in local recipient tab Aug 10 10:55:38 f-vanier-bourgeois postfix/smtpd[2162]: NOQUEUE: reject: VRFY from 72-53-132-234.cpe.distributel.net[72.53.132.234]: 550 5.1.1 : Recipient address rejected: User unknown in local recipient tab
# failJSON: { "time": "2005-01-12T11:07:49", "match": true , "host": "181.21.131.88" }
Jan 12 11:07:49 emf1pt2-2-35-70 postfix/smtpd[13767]: improper command pipelining after DATA from unknown[181.21.131.88]:
# failJSON: { "time": "2004-12-25T02:35:54", "match": true , "host": "173.10.140.217" }
Dec 25 02:35:54 platypus postfix/smtpd[9144]: improper command pipelining after RSET from 173-10-140-217-BusName-washingtonDC.hfc.comcastbusiness.net[173.10.140.217]
# failJSON: { "time": "2004-12-18T02:05:46", "match": true , "host": "216.245.198.245" }
Dec 18 02:05:46 platypus postfix/smtpd[16349]: improper command pipelining after NOOP from unknown[216.245.198.245]