rich1.0phorkiehttps://p.cweiske.de/fail2ban: block postfix connections with wrong host nameChristian Weiske86400900900<!-- embedding all files of https://p.cweiske.de/834 --> <link rel="stylesheet" href="https://p.cweiske.de/css/embed.css"/> <div class="phork" id="834"> <div class="phork-file"> <div class="phork-content"> <div class="document"> <p>Block hosts connecting via SMTP to postfix and sending a wrong hostname.</p> <p>Works on fail2ban 0.11.2-2 running on Debian 11.</p> <p>regex can be tested with fail2ban-regex:</p> <pre class="literal-block"> $ fail2ban-regex /var/log/mail.warn /etc/fail2ban/filter.d/postfix-resolve.conf </pre> <p>test if it works:</p> <pre class="literal-block"> $ fail2ban-client banned [{'postfix-resolve': ['187.205.215.230', '87.246.7.230']}] </pre> </div> </div> <div class="phork-meta"> <a href="https://p.cweiske.de/834/rev-raw/c502ce479ed4984421cf5149f509750ce52fda8a/README.rst" style="float: right">view raw source</a> <a href="https://p.cweiske.de/834#README.rst">README.rst</a> </div> </div> <div class="phork-file"> <div class="phork-content"> <style type="text/css">/** * GeSHi (C) 2004 - 2007 Nigel McNie, 2007 - 2014 Benny Baumann * (http://qbnz.com/highlighter/ and http://geshi.org/) */ .ini .de1, .ini .de2 {font: normal normal 1em/1.2em monospace; margin:0; padding:0; background:none; vertical-align:top;} .ini {font-family:monospace;} .ini .imp {font-weight: bold; color: red;} .ini li, .ini .li1 {color: #DDD;} .ini .ln {width:1px;text-align:right;margin:0;padding:0 2px;vertical-align:top;} .ini .co0 {color: #666666; font-style: italic;} .ini .sy0 {color: #000066; font-weight:bold;} .ini .st0 {color: #933;} .ini .re0 {color: #000066; font-weight:bold;} .ini .re1 {color: #000099;} .ini .re2 {color: #660066;} .ini span.xtra { display:block; } </style><div class="code"><table class="ini"><tbody><tr class="li1"><td class="ln"><pre class="de1">1 2 3 4 5 6 7 8 9 10 11 12 </pre></td><td class="de1"><pre class="de1"><span class="re0"><span class="br0">&#91;</span>INCLUDES<span class="br0">&#93;</span></span> <span class="re1">before</span> <span class="sy0">=</span><span class="re2"> common.conf</span> &#160; <span class="re0"><span class="br0">&#91;</span>Definition<span class="br0">&#93;</span></span> <span class="re1">_daemon</span> <span class="sy0">=</span><span class="re2"> postfix<span class="br0">&#40;</span>-\w+<span class="br0">&#41;</span>?/\w+<span class="br0">&#40;</span>?:/smtp<span class="re0"><span class="br0">&#91;</span>ds<span class="br0">&#93;</span></span><span class="br0">&#41;</span>?</span> &#160; <span class="re1">failregex</span> <span class="sy0">=</span><span class="re2"> ^%<span class="br0">&#40;</span>__prefix_line<span class="br0">&#41;</span>swarning: hostname .*? does not resolve to address &lt;HOST&gt;: Name or service not known$</span> <span class="re1">ignoreregex</span> <span class="sy0">=</span> &#160; <span class="re0"><span class="br0">&#91;</span>Init<span class="br0">&#93;</span></span> <span class="re1">journalmatch</span> <span class="sy0">=</span><span class="re2"> _SYSTEMD_UNIT=postfix.service</span> &#160;</pre></td></tr></tbody></table></div> </div> <div class="phork-meta"> <a href="https://p.cweiske.de/834/rev-raw/c502ce479ed4984421cf5149f509750ce52fda8a/filter.d/postfix-resolve.conf" style="float: right">view raw source</a> <a href="https://p.cweiske.de/834#filter.d/postfix-resolve.conf">filter.d/postfix-resolve.conf</a> </div> </div> <div class="phork-file"> <div class="phork-content"> <style type="text/css"></style><div class="code"><table class="local"><tbody><tr class="li1"><td class="ln"><pre class="de1">1 2 3 4 5 6 </pre></td><td class="de1"><pre class="de1">[postfix-resolve] enabled = true maxretry = 3 logpath = %(postfix_log)s backend = %(postfix_backend)s &#160;</pre></td></tr></tbody></table></div> </div> <div class="phork-meta"> <a href="https://p.cweiske.de/834/rev-raw/c502ce479ed4984421cf5149f509750ce52fda8a/jail.local" style="float: right">view raw source</a> <a href="https://p.cweiske.de/834#jail.local">jail.local</a> </div> </div> <div class="phork-file"> <div class="phork-content"> <style type="text/css"></style><div class="code"><table class="log"><tbody><tr class="li1"><td class="ln"><pre class="de1">1 </pre></td><td class="de1"><pre class="de1">Apr 22 20:28:44 ahso4 postfix/submission/smtpd[1938160]: warning: hostname dsl-187-205-215-230-dyn.prod-infinitum.com.mx does not resolve to address 187.205.215.230: Name or service not known</pre></td></tr></tbody></table></div> </div> <div class="phork-meta"> <a href="https://p.cweiske.de/834/rev-raw/c502ce479ed4984421cf5149f509750ce52fda8a/mail.log" style="float: right">view raw source</a> <a href="https://p.cweiske.de/834#mail.log">mail.log</a> </div> </div> </div>