mirror of https://github.com/fail2ban/fail2ban
Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)pull/901/head
parent
bcfcefa203
commit
fe72a5585c
@ -0,0 +1,19 @@
|
|||||||
|
# Fail2Ban filter for Postfix's RBL based Blocked hosts
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
[INCLUDES]
|
||||||
|
|
||||||
|
# Read common prefixes. If any customizations available -- read them from
|
||||||
|
# common.local
|
||||||
|
before = common.conf
|
||||||
|
|
||||||
|
[Definition]
|
||||||
|
|
||||||
|
_daemon = postfix/smtpd
|
||||||
|
|
||||||
|
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using \S+; Blocked.* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
|
||||||
|
|
||||||
|
ignoreregex =
|
||||||
|
|
||||||
|
# Author: Lee Clemens
|
@ -0,0 +1,2 @@
|
|||||||
|
# failJSON: { "time": "2004-12-30T18:19:15", "match": true , "host": "93.184.216.34" }
|
||||||
|
Dec 30 18:19:15 xxx postfix/smtpd[1574]: NOQUEUE: reject: RCPT from badguy.example.com[93.184.216.34]: 454 4.7.1 Service unavailable; Client host [93.184.216.34] blocked using rbl.example.com; http://www.example.com/query?ip=93.184.216.34; from=<spammer@example.com> to=<goodguy@example.com> proto=ESMTP helo=<badguy.example.com>
|
Loading…
Reference in new issue