Merge pull request #901 from leeclemens/ENH/PostfixRBL

Create Jail for Postfix based on RBL

ChangeLog

@@ -25,6 +25,8 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
    * fail2ban/__init__.py - add strptime thread safety hack-around
 
 - New Features:
+   - New filter:
+     - postfix-rbl  Thanks Lee Clemens
    - New interpolation feature for config readers - `%(known/parameter)s`.
      (means last known option with name `parameter`). This interpolation makes
      possible to extend a stock filter or jail regexp in .local file

config/filter.d/postfix-rbl.conf

@@ -0,0 +1,19 @@
+# Fail2Ban filter for Postfix's RBL based Blocked hosts
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = postfix/smtpd
+
+failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
+
+ignoreregex =
+
+# Author: Lee Clemens

config/jail.conf

@@ -465,6 +465,13 @@ port     = smtp,465,submission
 logpath  = %(postfix_log)s
 
 
+[postfix-rbl]
+
+port     = smtp,465,submission
+logpath  = %(syslog_mail)s
+maxretry = 1
+
+
 [sendmail-auth]
 
 port    = submission,465,smtp

fail2ban/tests/files/logs/postfix-rbl

@@ -0,0 +1,2 @@
+# failJSON: { "time": "2004-12-30T18:19:15", "match": true , "host": "93.184.216.34" }
+Dec 30 18:19:15 xxx postfix/smtpd[1574]: NOQUEUE: reject: RCPT from badguy.example.com[93.184.216.34]: 454 4.7.1 Service unavailable; Client host [93.184.216.34] blocked using rbl.example.com; http://www.example.com/query?ip=93.184.216.34; from=<spammer@example.com> to=<goodguy@example.com> proto=ESMTP helo=<badguy.example.com>