github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Use anchored failregex for filters to avoid possible DoS -- postfix.conf 

Manually picked up from the 0.8 branch limiting lines only to the existing failregex
debian-releases/wheezy
Yaroslav Halchenko 2014-06-22 11:50:16 -04:00
parent 264e7813d9
commit aff0f8233f
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
config/filter.d/postfix.conf
View File

@ -5,6 +5,12 @@
# $Revision$ # $Revision$
# #
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition] [Definition]
# Option: failregex # Option: failregex
@ -14,7 +20,9 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT # Values: TEXT
# #
failregex = reject: RCPT from (.*)\[<HOST>\]: 554 _daemon = postfix/smtpd
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
# Option: ignoreregex # Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored. # Notes.: regex to ignore. If this regex matches, the line is ignored.

8
debian/changelog vendored
View File

@ -1,3 +1,11 @@
fail2ban (0.8.6-3wheezy3) wheezy-security; urgency=high
* Use anchored failregex for filters to avoid possible DoS
- CVE-2013-7176: postfix.conf - anchored on the front, expects
"postfix/smtpd" prefix in the log line
--
fail2ban (0.8.6-3wheezy2) wheezy-security; urgency=high fail2ban (0.8.6-3wheezy2) wheezy-security; urgency=high
* Anchor apache- filters failregexes to avoid possible DoS on servers * Anchor apache- filters failregexes to avoid possible DoS on servers