Understanding fail2ban failregex better

faber38

New Member
Hello..
I would like to catch (ban on) the following line in the filter
server postfix/smtpd[18671]: warning: hostname no-reverse-dns-configured.com does not resolve to address 89.248.162.178: Name or service not known

so I created a /filter.d/postfix-hostname.conf
...............................
[Definition]
failregex = "warning: hostname" does not resolve to address <HOST> : Name or service not known
ignoreregex =

.............................

and added the following to jail.conf
........................
[postfix-hostname]
enabled = true
port = smtp
filter = postfix-hostname
logpath = /var/log/mail.log
bantime = 1209600
maxretry = 2
.................................

I don't know whether it works... but maybe someone here knows about this and can give me a hand
everything looks clean in the log file...
but so far the filter hasn't been fed anything.
 

faber38

New Member
I have the right lines
Code:
[INCLUDES]

before = common.conf

[Definition]

_daemon = (?:postfix/smtpd|postfix/submission/smtpd)

failregex =  ^%(__prefix_line)swarning: (.*?)does not resolve to address <HOST>: Name or service not known$

ignoreregex =

now it works
 

faber38

New Member
the following shows up in my log
Code:
Mar 22 16:40:08 server postfix/submission/smtpd[20672]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 16:43:15 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 16:43:16 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 16:43:17 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 16:43:18 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 16:43:29 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 16:43:52 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 16:43:53 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 16:43:54 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 16:43:55 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known
Mar 22 17:20:54 server postfix/smtpd[25475]: warning: hostname static.vdc.com.vn does not resolve to address 14.161.6.23: Name or service not known
with this, I block all of that.
of course you can also add this line to postfix-sasl.conf
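
Added example, not part of the original posts: a small Python check that runs both failregex values from the thread over log lines copied from it, showing why the first attempt never matched and which address the working one would ban at maxretry = 2. The `HOST` and `PREFIX` patterns are simplified assumptions standing in for fail2ban's own `<HOST>` and `%(__prefix_line)s` expansion, and findtime is ignored.

```python
import re

# Assumption: simplified stand-ins for fail2ban's tag expansion. The real <HOST>
# also accepts IPv6 and hostnames, and the real __prefix_line is more permissive.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"\s*(?:\S+ )?(?:postfix/smtpd|postfix/submission/smtpd)\[\d+\]:\s+"
# fail2ban cuts the timestamp out of the line before applying failregex.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d")

# The two failregex values from the thread, unchanged.
FIRST_TRY = r'"warning: hostname" does not resolve to address <HOST> : Name or service not known'
WORKING = (r"^%(__prefix_line)swarning: (.*?)does not resolve to address <HOST>"
           r": Name or service not known$")

# Log lines copied from the thread.
SAMPLE = [
    "Mar 22 16:40:08 server postfix/submission/smtpd[20672]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known",
    "Mar 22 16:43:15 server postfix/submission/smtpd[20957]: warning: hostname 191.33.180.117.dynamic.adsl.gvt.net.br does not resolve to address 191.33.180.117: Name or service not known",
    "Mar 22 17:20:54 server postfix/smtpd[25475]: warning: hostname static.vdc.com.vn does not resolve to address 14.161.6.23: Name or service not known",
]


def compile_failregex(failregex):
    """Substitute the stand-in patterns for the fail2ban tags and compile."""
    expanded = failregex.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST)
    return re.compile(expanded)


def banned_hosts(failregex, lines, maxretry=2):
    """Return the addresses whose match count reaches maxretry."""
    rx = compile_failregex(failregex)
    counts = {}
    for line in lines:
        m = rx.search(TIMESTAMP.sub("", line, count=1))
        if m:
            counts[m.group("host")] = counts.get(m.group("host"), 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    # The first try expects literal quotes, has no wildcard for the hostname
    # and puts a space before the colon, so it matches nothing.
    for name, rx in (("first try", FIRST_TRY), ("working", WORKING)):
        print(name, "->", banned_hosts(rx, SAMPLE))
```

On a real system, the `fail2ban-regex` tool performs this check with fail2ban's actual tag expansion when given the log file and the filter file.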
 

nowayback

Well-Known Member
You can also simply have postfix reject the mails when IP/DNS and reverse DNS don't match. Generating an iptables entry per IP for that is too much, in my opinion (see: reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain)
 
