fail2ban: block postfix connections with wrong host name


README.rst

Block hosts that connect to Postfix via SMTP and whose hostname does not resolve to their address.

Works on fail2ban 0.11.2-2 running on Debian 11.

The regex can be tested with fail2ban-regex:

$ fail2ban-regex /var/log/mail.warn /etc/fail2ban/filter.d/postfix-resolve.conf

To check that hosts are being banned:

$ fail2ban-client banned
[{'postfix-resolve': ['187.205.215.230', '87.246.7.230']}]

filter.d/postfix-resolve.conf

[INCLUDES]
before = common.conf
 
[Definition]
_daemon = postfix(-\w+)?/\w+(?:/smtp[ds])?
 
failregex = ^%(__prefix_line)swarning: hostname .*? does not resolve to address <HOST>: Name or service not known$
ignoreregex = 
 
[Init]
journalmatch = _SYSTEMD_UNIT=postfix.service
 

jail.local

[postfix-resolve]
enabled = true
maxretry = 3
logpath = %(postfix_log)s
backend = %(postfix_backend)s
 

mail.log

Apr 22 20:28:44 ahso4 postfix/submission/smtpd[1938160]: warning: hostname dsl-187-205-215-230-dyn.prod-infinitum.com.mx does not resolve to address 187.205.215.230: Name or service not known
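
An offline approximation of what the filter and jail above do, added here as an example and not part of the original gist: the failregex is transcribed to a plain Python regex, run over constructed log lines, and matches are counted against maxretry. The syslog prefix pattern, the IPv4-only host group, the host name mx1 and the helper names are assumptions; the lines that carry the same warning with a different ending show that the anchored suffix keeps them from being counted.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's %(__prefix_line)s (assumption: classic
# syslog "Mon DD HH:MM:SS host daemon[pid]: "); _daemon is copied from the filter.
DAEMON = r"postfix(-\w+)?/\w+(?:/smtp[ds])?"
PREFIX = r"^\w{3}\s+\d+ [\d:]{8} \S+ " + DAEMON + r"\[\d+\]: "
# <HOST> is narrowed to an IPv4 literal here; fail2ban's tag also covers IPv6.
FAILREGEX = re.compile(
    PREFIX
    + r"warning: hostname .*? does not resolve to address "
    + r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}): Name or service not known$"
)
MAXRETRY = 3  # maxretry from jail.local

# Constructed log lines (documentation address ranges and example.* names).
P = "Apr 22 20:28:%02d mx1 postfix/%s[4242]: warning: hostname %s does not resolve to address %s%s"
NXDOMAIN = ": Name or service not known"
SAMPLE = [
    P % (1, "smtpd", "a.example.net", "192.0.2.10", NXDOMAIN),
    P % (2, "submission/smtpd", "a.example.net", "192.0.2.10", NXDOMAIN),
    P % (3, "smtpd", "a.example.net", "192.0.2.10", NXDOMAIN),
    # Only two failures: stays below maxretry.
    P % (4, "smtpd", "b.example.org", "198.51.100.7", NXDOMAIN),
    P % (5, "smtpd", "b.example.org", "198.51.100.7", NXDOMAIN),
    # Same warning with other endings: the anchored suffix rejects all three.
    P % (6, "smtpd", "c.example.com", "203.0.113.5", ""),
    P % (7, "smtpd", "c.example.com", "203.0.113.5", ": Temporary failure in name resolution"),
    P % (8, "smtpd", "c.example.com", "203.0.113.5", ": Temporary failure in name resolution"),
]

def matched_host(line):
    """Return the address captured by the failregex, or None if no match."""
    m = FAILREGEX.match(line.rstrip("\n"))
    return m.group("host") if m else None

def offenders(lines, maxretry=MAXRETRY):
    """Hosts with at least maxretry matches (the findtime window is ignored)."""
    hits = Counter(h for h in map(matched_host, lines) if h)
    return sorted(ip for ip, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

The authoritative check remains fail2ban-regex against the real log, since it expands the actual prefix and host patterns.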
Owner: Christian Weiske