filter.d/postfix.conf: add Sender address rejected: Malformed DNS ser…

…ver reply (#3590) * add Sender address rejected: Malformed DNS server reply
fail2ban · Mar 19, 2024 · 0c125ec · 0c125ec
1 parent 77b052f
commit 0c125ec
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf
@@ -20,7 +20,7 @@ prefregex = ^%(__prefix_line)s<mdpr-<mode>> <F-CONTENT>.+</F-CONTENT>$
 exre-user = |[Uu](?:ser unknown|ndeliverable address)  ; pragma: codespell-ignore
 
 mdpr-normal = (?:\w+: (?:milter-)?reject:|(?:improper command pipelining|too many errors) after \S+)
-mdre-normal=^%(_pref)s from [^[]*\[<HOST>\]%(_port)s: [45][50][04] [45]\.\d\.\d+ (?:(?:<[^>]*>)?: )?(?:(?:Helo command|(?:Sender|Recipient) address) rejected: )?(?:Service unavailable|Access denied|(?:Client host|Command|Data command) rejected|Relay access denied|(?:Host|Domain) not found|need fully-qualified hostname|match%(exre-user)s)\b
+mdre-normal=^%(_pref)s from [^[]*\[<HOST>\]%(_port)s: [45][50][04] [45]\.\d\.\d+ (?:(?:<[^>]*>)?: )?(?:(?:Helo command|(?:Sender|Recipient) address) rejected: )?(?:Service unavailable|Access denied|(?:Client host|Command|Data command) rejected|Relay access denied|Malformed DNS server reply|(?:Host|Domain) not found|need fully-qualified hostname|match%(exre-user)s)\b
             ^from [^[]*\[<HOST>\]%(_port)s:?
 
 mdpr-auth = warning:

diff --git a/fail2ban/tests/files/logs/postfix b/fail2ban/tests/files/logs/postfix
@@ -12,6 +12,8 @@ Jul 18 23:12:56 xxx postfix/smtpd[8738]: NOQUEUE: reject: RCPT from foo[192.51.1
 Jul 18 23:12:56 xxx postfix/smtpd[1938]: NOQUEUE: reject: RCPT from unknown[192.0.2.236]: 554 5.7.1 <dom.tld>: Helo command rejected: Access denied; from=<ADMINISTRATOR@dom.tld> to=<lp@dom.tld> proto=ESMTP helo=<dom.tld>
 # failJSON: { "time": "2005-07-18T23:12:56", "match": true , "host": "192.51.100.43" }
 Jul 18 23:12:56 xxx postfix/smtpd[8738]: NOQUEUE: reject: RCPT from foo[192.51.100.43]: 554 5.7.1 <foo@bad.domain>: Sender address rejected: match bad.domain; from=<foo@bad.domain> to=<foo@porcupine.org> proto=SMTP helo=<192.51.100.43>
+# failJSON: { "time": "2005-07-18T23:12:57", "match": true , "host": "192.51.100.143", "desc": "gh-3590" }
+Jul 18 23:12:57 xxx postfix/smtpd[8722]: NOQUEUE: reject: RCPT from foo[192.51.100.143]: 450 4.1.8 <foo@bad.domain>: Sender address rejected: Malformed DNS server reply; from=<foo@bad.domain> to=<foo@porcupine.org> proto=SMTP helo=<192.51.100.143>
 # failJSON: { "time": "2005-08-10T10:55:38", "match": true , "host": "72.53.132.234" }
 Aug 10 10:55:38 f-vanier-bourgeois postfix/smtpd[2162]: NOQUEUE: reject: VRFY from 72-53-132-234.cpe.distributel.net[72.53.132.234]: 550 5.1.1 : Recipient address rejected: User unknown in local recipient tab
 # failJSON: { "time": "2005-08-13T15:45:46", "match": true , "host": "192.0.2.1" }