0c125ec9c9
filter.d/postfix.conf: add Sender address rejected: Malformed DNS server reply ( #3590 )
...
* add Sender address rejected: Malformed DNS server reply
2024-03-19 20:30:45 +01:00
d260ed31d2
Maintain backward compatibility Postfix SYSTEMD_UNIT
2024-03-12 04:42:36 +01:00
93082ead79
Change journalmatch postfix
2024-03-10 10:10:03 +01:00
45d7f3cb97
no space in any case
2024-03-08 11:43:46 +01:00
ff701e94c3
Add to postfix syslog daemon format
2024-03-07 20:23:50 +01:00
093cd763ce
filter.d/postfix.conf: "rejected" extended to match "Access denied" too;
...
closes gh-3474
2023-12-15 01:03:30 +01:00
ff4a2a12fc
filter.d/postfix.conf: avoid double counting ('lost connection after AUTH' together with message 'disconnect ...');
...
closes gh-3505
2023-12-15 00:32:48 +01:00
81b2eb32d6
Add pragma to ignore a codespell-detected typoin postfix.conf
2023-11-18 10:03:50 -05:00
579c6a94af
filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040)
2021-06-10 15:23:24 +02:00
43f2923fbd
filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user";
...
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
2021-06-10 15:06:54 +02:00
38535b0cca
Merge branch '0.11' into master
2021-05-29 21:25:24 +02:00
c5f1598a21
filter.d/postfix.conf: extended to cover new vectors:
...
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
2021-05-29 19:48:24 +02:00
ae3e9b9149
filter.d/postfix.conf: extended to cover 2 new vectors:
...
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review combining several regex to single one
2021-05-29 19:21:27 +02:00
ba7daef86c
Handle postscreen's PREGREET and HANGUP messages
...
Provoking those seems to be a popular activity among spammers.
2020-12-24 17:29:09 +03:00
774dda6105
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth
2020-02-10 13:29:16 +01:00
e5ae113215
filter.d/postfix.conf: extended with new postfix filter mode `errors` to match "too many errors" (gh-2439),
...
also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix
parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)
2019-06-07 16:14:02 +02:00
3b2f75414c
filter.d/postfix.conf: extended regexp's to accept variable suffix code in status of postfix for precise messages (gh-2442)
2019-06-07 15:40:55 +02:00
0426a24719
filter.d/postfix.conf: (closes gh-2426) filter extended to catch "5.1.1" (Recipient address rejected: User unknown in local recipient table) with RCPT (and some session-id instead of "NOQUEUE")
2019-05-14 15:27:20 +02:00
8c804a2290
Merge branch 'master' into 0.10
...
# Conflicts resolved:
# config/filter.d/postfix-rbl.conf
# config/filter.d/postfix-sasl.conf
# config/filter.d/postfix.conf
# fail2ban/tests/files/logs/postfix-sasl
2017-10-02 15:41:30 +02:00
a2120a9de5
filter.d/postfix-*.conf - added optional port regex (closes gh-1902)
2017-10-02 15:31:55 +02:00
aa92b68d4a
filter.d/postfix.conf: normalized several postfix-filters using parameter `mode` (as discussed in gh-1813);
...
introduced parameter `mode`: more (default, combines normal and rbl), auth, normal, rbl, ddos, extra or aggressive (combines all)
replacement for gh-1239, gh-1697, gh-1764; closes gh-1245, gh-1297.
2017-07-10 20:49:28 +02:00
d32a3913cf
postfix postscreen (resp. other RBL's compatibility fix) / gh-1764
2017-07-10 15:38:24 +02:00
efeca8fdeb
postfix.conf: removes unneeded end-anchoring like `.*$`, etc.
...
also removes several dynamic content at end, which are of no avail there.
Additionally normalizes optional part (mail-ID) after reason number.
2017-06-19 16:25:46 +02:00
6f3d425c4d
Update postfix filters and tests
2017-06-12 18:56:19 -07:00
22afdbd536
Several filters optimized with pre-filtering using new option `prefregex`
2017-02-21 15:54:59 +01:00
7712310d2d
Be more backward compatible on matching postfix/smtps/smtpd
...
Support trailing smtps also and not only smtpd.
suggested by @sebres
2016-04-14 13:54:58 +02:00
1a299409e5
Fix postfix/smtps/smtpd matching.
2016-04-14 12:10:58 +02:00
6c606cf98f
Add support for matching postfix multi-instance daemon names by default
2016-02-23 20:23:04 +01:00
b5a07741c8
Add new regex into postfix filter. The new regexp is able to detect bad formatted SMTP EHLO command
2016-02-08 11:11:59 +01:00
fa59a6850f
Add 'Sender address rejected: Domain not found' Postfix failregex
...
Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>
2015-11-22 12:01:15 +02:00
2d7429c47c
Add 'Client host rejected error message' regex
...
Not sure if it was reworded (using Postfix 2.6) or a slightly different error, but I only have "Client host rejected: cannot find your hostname"
2014-12-30 18:05:19 -05:00
0e1f8f7f39
RF: remove those two additional failregexes for the postfix
...
see comment
https://github.com/fail2ban/fail2ban/pull/804\#discussion_r17512426
2014-09-13 10:25:27 -04:00
249e169d8e
Update test cases and also suport smtps per request.
2014-09-08 11:53:51 -07:00
544cfaff2c
Add support for postfix/submission/smtpd matching.
2014-09-06 10:23:38 -07:00
3de80545e0
MRG: from master 2014/01/13
2014-01-13 21:23:39 +11:00
6b0e6b9bca
ENH: add improper command pipelining postfix filter
2014-01-13 06:59:59 +11:00
47d35c9d80
MRG: 0.8.11 to 0.9
...
Epnoc of selinux is now true UTC
Merge multiline support and date detection in filter
2013-11-02 15:59:05 +11:00
89fd792dfb
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page
2013-10-31 00:02:59 +11:00
1f1a56174f
MRG: merge from master
2013-09-08 21:02:35 +10:00
61d43608ae
ENH: filter.d/postfix - add filter for VRFY. Closes gh-322
2013-08-19 18:42:39 +10:00
eb2f0c9272
ENH: Improve postfix regex and add more samples
2013-07-20 15:31:21 +01:00
f7d328195f
NF: Add systemd journal backend
2013-05-10 00:15:07 +01:00
495f2dd877
DOC: purge of svn tags
2013-05-03 16:03:38 +10:00
91d5736c12
ENH: postfix filter -- react also on (450 4.7.1) with empty from/to. fixes #126
2013-03-26 09:40:04 -04:00
abd061bad8
- Changed <HOST> template to be more restrictive. Debian bug #514163 .
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@728 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-02-08 17:31:24 +00:00
44d75eb54f
- Added missing svn:keywords
...
- Split failregex in sshd.conf
- Added sshd-ddos.conf. Thanks to Yaroslav Halchenko
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@510 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-04 12:21:44 +00:00
840b9fff0f
- Fixed some comments
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@495 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-18 22:35:34 +00:00
f5d4cb6be2
- Added alias "<HOST>" for failregex
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@471 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-19 21:25:51 +00:00
0fd9865172
- Defined default values in .conf. Should fix Debian bug #398758
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@464 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-15 18:44:28 +00:00
90359ba523
- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304
...
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-12 14:52:36 +00:00
Anton Samets