New fail2ban rules for postscreen

Posted by Ralf Hildebrandt on 2 June 2011 | 0 Comments

Tags: , ,

fail2ban doesn't work properly with the new postscreen log entries, since those are different from the ones smtpd is generating.

postscreen:

#Jun  2 09:36:15 mail postfix/postscreen[14514]: NOQUEUE: reject: RCPT from [27.74.129.153]:11010: 550 5.7.1 Service unavailable; client [27.74.129.153] blo$

#Jun  2 09:37:28 mail postfix/smtpd[14544]: NOQUEUE: reject: RCPT from smtpgv01.qualitysmtp.com.br[187.85.160.22]: 550 5.1.1 <anna.hegele@charite.de>: Recip$

 

Jun  2 09:36:15 mail postfix/postscreen[14514]: NOQUEUE: reject: RCPT from [27.74.129.153]:11010: 550 5.7.1 Service unavailable; client [27.74.129.153] blo$

smtpd:

Jun  2 09:37:28 mail postfix/smtpd[14544]: NOQUEUE: reject: RCPT from smtpgv01.qualitysmtp.com.br[187.85.160.22]: 550 5.1.1 <anna.hegele@charite.de>: Recip$

So I changed the regexp to read:
failregex = reject: RCPT from (.*)\[<HOST>\]:([0-9]{4,5}:)? 550
I made the :portnumber stuff optional and alas, it's working now!

Post your comment

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments