{"type":"rich","version":"1.0","provider_name":"phorkie","provider_url":"https:\/\/p.cweiske.de\/","title":"fail2ban: block postfix connections with wrong host name","author_name":"Christian Weiske","cache_age":86400,"width":900,"height":900,"html":"<!-- embedding all files of https:\/\/p.cweiske.de\/834 -->\n<link rel=\"stylesheet\" href=\"https:\/\/p.cweiske.de\/css\/embed.css\"\/>\n<div class=\"phork\" id=\"834\">\n    <div class=\"phork-file\">\n <div class=\"phork-content\">\n  \n<div class=\"document\">\n\n\n<p>Block hosts that connect via SMTP to postfix with a wrong hostname, that is, one that does not resolve to the connecting address.<\/p>\n<p>Works on fail2ban 0.11.2-2 running on Debian 11.<\/p>\n<p>The regex can be tested with fail2ban-regex:<\/p>\n<pre class=\"literal-block\">\n$ fail2ban-regex \/var\/log\/mail.warn \/etc\/fail2ban\/filter.d\/postfix-resolve.conf\n<\/pre>\n<p>Test if it works:<\/p>\n<pre class=\"literal-block\">\n$ fail2ban-client banned\n[{'postfix-resolve': ['187.205.215.230', '87.246.7.230']}]\n<\/pre>\n<\/div>\n\n <\/div>\n <div class=\"phork-meta\">\n  <a href=\"https:\/\/p.cweiske.de\/834\/rev-raw\/c502ce479ed4984421cf5149f509750ce52fda8a\/README.rst\" style=\"float: right\">view raw source<\/a>\n  <a href=\"https:\/\/p.cweiske.de\/834#README.rst\">README.rst<\/a>\n <\/div>\n<\/div>\n    <div class=\"phork-file\">\n <div class=\"phork-content\">\n  <style type=\"text\/css\">\/**\n * GeSHi (C) 2004 - 2007 Nigel McNie, 2007 - 2014 Benny Baumann\n * (http:\/\/qbnz.com\/highlighter\/ and http:\/\/geshi.org\/)\n *\/\n.ini .de1, .ini .de2 {font: normal normal 1em\/1.2em monospace; margin:0; padding:0; background:none; vertical-align:top;}\n.ini  {font-family:monospace;}\n.ini .imp {font-weight: bold; color: red;}\n.ini li, .ini .li1 {color: #DDD;}\n.ini .ln {width:1px;text-align:right;margin:0;padding:0 2px;vertical-align:top;}\n.ini .co0 {color: #666666; font-style: italic;}\n.ini .sy0 {color: #000066; font-weight:bold;}\n.ini .st0 {color: #933;}\n.ini .re0 {color: #000066; 
font-weight:bold;}\n.ini .re1 {color: #000099;}\n.ini .re2 {color: #660066;}\n.ini span.xtra { display:block; }\n<\/style><div class=\"code\"><table class=\"ini\"><tbody><tr class=\"li1\"><td class=\"ln\"><pre class=\"de1\">1\n2\n3\n4\n5\n6\n7\n8\n9\n10\n11\n12\n<\/pre><\/td><td class=\"de1\"><pre class=\"de1\"><span class=\"re0\"><span class=\"br0\">&#91;<\/span>INCLUDES<span class=\"br0\">&#93;<\/span><\/span>\n<span class=\"re1\">before<\/span> <span class=\"sy0\">=<\/span><span class=\"re2\"> common.conf<\/span>\n&#160;\n<span class=\"re0\"><span class=\"br0\">&#91;<\/span>Definition<span class=\"br0\">&#93;<\/span><\/span>\n<span class=\"re1\">_daemon<\/span> <span class=\"sy0\">=<\/span><span class=\"re2\"> postfix<span class=\"br0\">&#40;<\/span>-\\w+<span class=\"br0\">&#41;<\/span>?\/\\w+<span class=\"br0\">&#40;<\/span>?:\/smtp<span class=\"re0\"><span class=\"br0\">&#91;<\/span>ds<span class=\"br0\">&#93;<\/span><\/span><span class=\"br0\">&#41;<\/span>?<\/span>\n&#160;\n<span class=\"re1\">failregex<\/span> <span class=\"sy0\">=<\/span><span class=\"re2\"> ^%<span class=\"br0\">&#40;<\/span>__prefix_line<span class=\"br0\">&#41;<\/span>swarning: hostname .*? 
does not resolve to address &lt;HOST&gt;: Name or service not known$<\/span>\n<span class=\"re1\">ignoreregex<\/span> <span class=\"sy0\">=<\/span> \n&#160;\n<span class=\"re0\"><span class=\"br0\">&#91;<\/span>Init<span class=\"br0\">&#93;<\/span><\/span>\n<span class=\"re1\">journalmatch<\/span> <span class=\"sy0\">=<\/span><span class=\"re2\"> _SYSTEMD_UNIT=postfix.service<\/span>\n&#160;<\/pre><\/td><\/tr><\/tbody><\/table><\/div>\n <\/div>\n <div class=\"phork-meta\">\n  <a href=\"https:\/\/p.cweiske.de\/834\/rev-raw\/c502ce479ed4984421cf5149f509750ce52fda8a\/filter.d\/postfix-resolve.conf\" style=\"float: right\">view raw source<\/a>\n  <a href=\"https:\/\/p.cweiske.de\/834#filter.d\/postfix-resolve.conf\">filter.d\/postfix-resolve.conf<\/a>\n <\/div>\n<\/div>\n    <div class=\"phork-file\">\n <div class=\"phork-content\">\n  <style type=\"text\/css\"><\/style><div class=\"code\"><table class=\"local\"><tbody><tr class=\"li1\"><td class=\"ln\"><pre class=\"de1\">1\n2\n3\n4\n5\n6\n<\/pre><\/td><td class=\"de1\"><pre class=\"de1\">[postfix-resolve]\r\nenabled = true\r\nmaxretry = 3\r\nlogpath = %(postfix_log)s\r\nbackend = %(postfix_backend)s\r\n&#160;<\/pre><\/td><\/tr><\/tbody><\/table><\/div>\n <\/div>\n <div class=\"phork-meta\">\n  <a href=\"https:\/\/p.cweiske.de\/834\/rev-raw\/c502ce479ed4984421cf5149f509750ce52fda8a\/jail.local\" style=\"float: right\">view raw source<\/a>\n  <a href=\"https:\/\/p.cweiske.de\/834#jail.local\">jail.local<\/a>\n <\/div>\n<\/div>\n    <div class=\"phork-file\">\n <div class=\"phork-content\">\n  <style type=\"text\/css\"><\/style><div class=\"code\"><table class=\"log\"><tbody><tr class=\"li1\"><td class=\"ln\"><pre class=\"de1\">1\n<\/pre><\/td><td class=\"de1\"><pre class=\"de1\">Apr 22 20:28:44 ahso4 postfix\/submission\/smtpd[1938160]: warning: hostname dsl-187-205-215-230-dyn.prod-infinitum.com.mx does not resolve to address 187.205.215.230: Name or service not known<\/pre><\/td><\/tr><\/tbody><\/table><\/div>\n 
<\/div>\n <div class=\"phork-meta\">\n  <a href=\"https:\/\/p.cweiske.de\/834\/rev-raw\/c502ce479ed4984421cf5149f509750ce52fda8a\/mail.log\" style=\"float: right\">view raw source<\/a>\n  <a href=\"https:\/\/p.cweiske.de\/834#mail.log\">mail.log<\/a>\n <\/div>\n<\/div>\n<\/div>\n"}
