diff --git a/ChangeLog b/ChangeLog index 2ca227ff..aebfa829 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better ...: Auth fail". Thanks Marcel Dopita. Closes gh-289 - Added filter.d/ejabberd-auth - Improved ACL-handling for Asterisk + - loglines now also report "[PID]" after the name portion + - Added improper command pipelining to postfix filter. - New Features: @@ -65,9 +67,6 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better - Added filter for freeswitch. Thanks Jim and editors and authors of http://wiki.freeswitch.org/wiki/Fail2ban -- Enhancements: - - loglines now also report "[PID]" after the name portion - ver. 0.8.11 (2013/11/13) - loves-unittests-and-tight-DoS-free-filter-regexes ----------- diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf index fd8519c9..7330f10c 100644 --- a/config/filter.d/postfix.conf +++ b/config/filter.d/postfix.conf @@ -15,6 +15,7 @@ _daemon = postfix/smtpd failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 554 5\.7\.1 .*$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$ ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[\]: 550 5\.1\.1 .*$ + ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[\]:?$ ignoreregex = diff --git a/testcases/files/logs/postfix b/testcases/files/logs/postfix index 122ad8e5..ccf2f8bc 100644 --- a/testcases/files/logs/postfix +++ b/testcases/files/logs/postfix @@ -10,3 +10,13 @@ Jul 18 23:12:56 xxx postfix/smtpd[8738]: NOQUEUE: reject: RCPT from foo[192.51.1 Jul 18 23:12:56 xxx postfix/smtpd[8738]: NOQUEUE: reject: RCPT from foo[192.51.100.43]: 554 5.7.1 : Sender address rejected: match bad.domain; from= to= proto=SMTP helo=<192.51.100.43> # failJSON: { "time": "2005-08-10T10:55:38", "match": true , "host": "72.53.132.234" } Aug 10 10:55:38 f-vanier-bourgeois postfix/smtpd[2162]: NOQUEUE: reject: VRFY from 72-53-132-234.cpe.distributel.net[72.53.132.234]: 550 5.1.1 : Recipient address rejected: User unknown in local recipient tab + + +# failJSON: { "time": "2005-01-12T11:07:49", "match": true , "host": "181.21.131.88" } +Jan 12 11:07:49 emf1pt2-2-35-70 postfix/smtpd[13767]: improper command pipelining after DATA from unknown[181.21.131.88]: + +# failJSON: { "time": "2004-12-25T02:35:54", "match": true , "host": "173.10.140.217" } +Dec 25 02:35:54 platypus postfix/smtpd[9144]: improper command pipelining after RSET from 173-10-140-217-BusName-washingtonDC.hfc.comcastbusiness.net[173.10.140.217] + +# failJSON: { "time": "2004-12-18T02:05:46", "match": true , "host": "216.245.198.245" } +Dec 18 02:05:46 platypus postfix/smtpd[16349]: improper command pipelining after NOOP from unknown[216.245.198.245]