-
Notifications
You must be signed in to change notification settings - Fork 0
/
postfix-extra.conf
44 lines (30 loc) · 1.83 KB
/
postfix-extra.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# Fail2Ban filter for selected Postfix SMTP riffraff
#
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = postfix/(submission/)?smtp(d|s)
failregex = ^%(__prefix_line)swarning: non-SMTP command from \S+\[<HOST>\].*$
^%(__prefix_line)slost connection after CONNECT from \S+\[<HOST>\].*$
^%(__prefix_line)slost connection after EHLO from \S+\[<HOST>\].*$
^%(__prefix_line)slost connection after AUTH from \S+\[<HOST>\].*$
^%(__prefix_line)slost connection after RCPT from \S+\[<HOST>\].*$
^%(__prefix_line)slost connection after STARTTLS from \S+\[<HOST>\].*$
^%(__prefix_line)slost connection after UNKNOWN from \S+\[<HOST>\].*$
^%(__prefix_line)sdisconnect from \S+\[<HOST>\] quit=1 commands=1.*$
^%(__prefix_line)sdisconnect from \S+\[<HOST>\] ehlo=1 quit=1 commands=2.*$
^%(__prefix_line)sdisconnect from \S+\[<HOST>\] ehlo=1 auth=0/1 quit=1 commands=2/3.*$
^%(__prefix_line)sdisconnect from \S+\[<HOST>\] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4.*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]:.*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 <\S*>: Relay access denied; from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 504 5\.5\.2 <\S*>: Helo command rejected: need fully-qualified hostname; from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
# ^.*connect from.*\n.*disconnect from \S+\[<HOST>\].*$
# ^%(__prefix_line)sdisconnect from \S+\[<HOST>\].*$
ignoreregex =
[Init]
journalmatch = _SYSTEMD_UNIT=postfix.service
maxlines = 2
# Author: Gary Gapinski