Create Jail for Postfix based on RBL

Use RBL blocks to ban addresses, unique Jail so maxretry can be set to 1 (vs postfix.conf)
pull/901/head
Lee Clemens 10 years ago
parent bcfcefa203
commit fe72a5585c

@ -23,6 +23,8 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
* filter.d/postfix-sasl.conf - failregex is now case insensitive * filter.d/postfix-sasl.conf - failregex is now case insensitive
- New Features: - New Features:
- New filter:
- postfix-rbl Thanks Lee Clemens
- New interpolation feature for config readers - `%(known/parameter)s`. - New interpolation feature for config readers - `%(known/parameter)s`.
(means last known option with name `parameter`). This interpolation makes (means last known option with name `parameter`). This interpolation makes
possible to extend a stock filter or jail regexp in .local file possible to extend a stock filter or jail regexp in .local file

@ -0,0 +1,19 @@
# Fail2Ban filter for Postfix's RBL based Blocked hosts
#
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = postfix/smtpd
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using \S+; Blocked.* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
ignoreregex =
# Author: Lee Clemens
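Review bot: The failregex requires the literal text `; Blocked` after the RBL zone name, but the sample line in the new test log section (flagged `"match": true`) reads `blocked using rbl.example.com; http://www.example.com/query?ip=...; from=<...>`, so as shown the filter would not match its own test case. The text after the zone name comes from the DNSBL reply or the operator's reply template, so it is safer not to anchor on it. The status is also pinned to `454 4\.7\.1`; Postfix's `maps_rbl_reject_code` defaults to 554, so sites that have not switched to temporary rejects would presumably log `554 5.7.1` and never trigger this jail. I would relax both while keeping `<HOST>` ahead of any wildcard, e.g. `[45]54 [45]\.7\.1 Service unavailable; Client host \[\S+\] blocked using \S+;.* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$`, and add a 554 sample to the test log.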

@ -465,6 +465,13 @@ port = smtp,465,submission
logpath = %(postfix_log)s logpath = %(postfix_log)s
[postfix-rbl]
port = smtp,465,submission
logpath = %(syslog_mail)s
maxretry = 1
[sendmail-auth] [sendmail-auth]
port = submission,465,smtp port = submission,465,smtp
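Review bot: A single RBL rejection is enough to ban under `maxretry = 1` in `[postfix-rbl]`, so one stale or mistaken listing of a shared relay gets that relay blocked on smtp, 465 and submission; a comment above the section should say this is intentional and point operators at the whitelist, e.g. `# Bans on the first RBL rejection; list trusted relays in ignoreip`. The section also sets `logpath = %(syslog_mail)s` while the context line just above uses `%(postfix_log)s`. Unless the two variables always resolve to the same file (not visible here), the new jail can end up watching a different log than the neighbouring Postfix jail, so `logpath = %(postfix_log)s` looks like the consistent choice.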

@ -0,0 +1,2 @@
# failJSON: { "time": "2004-12-30T18:19:15", "match": true , "host": "93.184.216.34" }
Dec 30 18:19:15 xxx postfix/smtpd[1574]: NOQUEUE: reject: RCPT from badguy.example.com[93.184.216.34]: 454 4.7.1 Service unavailable; Client host [93.184.216.34] blocked using rbl.example.com; http://www.example.com/query?ip=93.184.216.34; from=<spammer@example.com> to=<goodguy@example.com> proto=ESMTP helo=<badguy.example.com>