Skip to content

Commit eb2f0c9

Browse files
committed
ENH: Improve postfix regex and add more samples
1 parent a012b54 commit eb2f0c9

File tree

2 files changed

+15
-2
lines changed

2 files changed

+15
-2
lines changed

Diff for: config/filter.d/postfix.conf

+11-2
Original file line numberDiff line numberDiff line change
@@ -4,17 +4,26 @@
44
#
55
#
66

7+
[INCLUDES]
8+
9+
# Read common prefixes. If any customizations available -- read them from
10+
# common.local
11+
before = common.conf
12+
13+
714
[Definition]
815

16+
_daemon = postfix/smtpd
17+
918
# Option: failregex
1019
# Notes.: regex to match the password failures messages in the logfile. The
1120
# host must be matched by a group named "host". The tag "<HOST>" can
1221
# be used for standard IP/hostname matching and is only an alias for
1322
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
1423
# Values: TEXT
1524
#
16-
failregex = reject: RCPT from (.*)\[<HOST>\]: 554
17-
reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
25+
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
26+
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
1827

1928
# Option: ignoreregex
2029
# Notes.: regex to ignore. If this regex matches, the line is ignored.

Diff for: testcases/files/logs/postfix

+4
Original file line numberDiff line numberDiff line change
@@ -4,3 +4,7 @@
44
Feb 21 09:21:54 xxx postfix/smtpd[14398]: NOQUEUE: reject: RCPT from example.com[192.0.43.10]: 450 4.7.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo=
55
# failJSON: { "time": "2005-07-12T07:47:48", "match": true , "host": "1.2.3.4" }
66
Jul 12 07:47:48 saturn postfix/smtpd[8738]: NOQUEUE: reject: RCPT from 1-2-3-4-example.com[1.2.3.4]: 554 5.7.1 <smtp@example.com>: Relay access denied; from=<john@example.com> to=<smtp@example.org> proto=SMTP helo=<198.51.100.17>
7+
# failJSON: { "time": "2005-07-18T23:12:56", "match": true , "host": "192.51.100.65" }
8+
Jul 18 23:12:56 xxx postfix/smtpd[8738]: NOQUEUE: reject: RCPT from foo[192.51.100.65]: 554 5.7.1 <bad.domain>: Helo command rejected: match bad.domain; from=<foo@good.domain> to=<foo@porcupine.org> proto=SMTP helo=<bad.domain>
9+
# failJSON: { "time": "2005-07-18T23:12:56", "match": true , "host": "192.51.100.43" }
10+
Jul 18 23:12:56 xxx postfix/smtpd[8738]: NOQUEUE: reject: RCPT from foo[192.51.100.43]: 554 5.7.1 <foo@bad.domain>: Sender address rejected: match bad.domain; from=<foo@bad.domain> to=<foo@porcupine.org> proto=SMTP helo=<192.51.100.43>

0 commit comments

Comments
 (0)