mirror of https://github.com/fail2ban/fail2ban
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1.1 KiB
32 lines
1.1 KiB
# Fail2Ban filter for selected Postfix SMTP rejections
|
|
#
|
|
#
|
|
|
|
[INCLUDES]
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
# common.local
|
|
before = common.conf
|
|
|
|
[Definition]
|
|
|
|
_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
|
|
|
|
prefregex = ^%(__prefix_line)s(?:NOQUEUE: reject:|improper command pipelining) <F-CONTENT>.+</F-CONTENT>$
|
|
|
|
failregex = ^RCPT from \S+\[<HOST>\]: 554 5\.7\.1
|
|
^RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
|
|
^RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
|
|
^EHLO from \S+\[<HOST>\]: 504 5\.5\.2 <\S+>: Helo command rejected: need fully-qualified hostname;
|
|
^VRFY from \S+\[<HOST>\]: 550 5\.1\.1
|
|
^RCPT from \S+\[<HOST>\]: 450 4\.1\.8 <\S*>: Sender address rejected: Domain not found; from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
|
|
^after \S+ from [^[]*\[<HOST>\]:?$
|
|
|
|
ignoreregex =
|
|
|
|
[Init]
|
|
|
|
journalmatch = _SYSTEMD_UNIT=postfix.service
|
|
|
|
# Author: Cyril Jaquier
|