>> I find the postfix filters really hard to follow, but as far as I can
>> see, if you go down your route, you then need to activate your protocol
>> filters by building them into something like mdpr-extra/mdre-extra or have
>> another jail just calling "mode=proto".
>>
>> Now, mdre-proto is already part of mdre-normal which seems to be called
>> by every filter so could be unnecessary. You could add a new line to
>> mdpr-normal if you wanted and your filter would work with "mode = more", or
>> you could adjust the mdpr-normal directly. Note that to do an override, you
>> generally leave the filter.d/postfix.conf alone and create a
>> filter.d/postfix.local. In it you could put:
>>
>> [Definition]
>> mdpr-normal = (?:\w+: reject:|(?:improper command pipelining|too many
>> errors) after \S+)
>> Protocol error;
>>
>
> Adding the above did not work. Before I create a new filter that only
> processes these events, do you have any other ideas on what I should do?
>

I should have repeated that I'm trying to modify the postfix filter to also identify these postscreen lines:

Jun 15 22:00:00 xavier postfix-116/postscreen[1600704]: NOQUEUE: reject: RCPT from [72.18.139.104]:42495: 550 5.5.1 Protocol error; from=<webmas...@mytrueguide.com>, to=<saleschamp...@example.com>, proto=SMTP, helo=<rdnsq98.mytrueguide.com>

>
> Thanks,
> Alex
>
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
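Added example, not part of the original thread and not fail2ban's own filter code: a stand-alone Python check of a two-stage match (line prefix first, then reject content) for postscreen "Protocol error;" rejects like the one quoted above. Both regexes and the function names are assumptions, simplified stand-ins for the prefix (mdpr) and content (mdre) stages the thread mentions, and the sample lines are constructed.

```python
import re

# Stage 1 (assumed, simplified): syslog timestamp, host, postfix instance and
# postscreen PID, then "<queue-id>: reject:". The remainder is the content.
PREFIX_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ "
    r"postfix(?:-\w+)?/postscreen\[\d+\]: "
    r"\w+: reject: (?P<content>.+)$"
)

# Stage 2 (assumed): anchored at the start of the content so that text inside
# client-supplied fields (helo=, from=) can never supply the banned address.
CONTENT_RE = re.compile(
    r"^[A-Z]{4} from \[(?P<host>[0-9A-Fa-f:.]+)\](?::\d+)?: "
    r"550 5\.5\.1 Protocol error;"
)

def offending_host(line):
    """Return the client IP for a postscreen protocol-error reject, else None."""
    m = PREFIX_RE.match(line)
    if not m:
        return None
    m = CONTENT_RE.match(m.group("content"))
    return m.group("host") if m else None

def hosts_to_ban(lines):
    """Collect the client IPs of all matching lines, in order."""
    return [h for h in map(offending_host, lines) if h]

# Constructed sample lines (documentation address ranges, example domains).
P = "Jun 15 22:00:0%d mx postfix-116/postscreen[1600704]: "
SAMPLE_LINES = [
    # The case from the thread: should yield the client address.
    P % 0 + "NOQUEUE: reject: RCPT from [192.0.2.10]:42495: 550 5.5.1 "
    "Protocol error; from=<a@example.org>, to=<b@example.com>, "
    "proto=SMTP, helo=<h.example.org>",
    # A different reject whose HELO imitates the pattern: must not match.
    P % 1 + "NOQUEUE: reject: RCPT from [192.0.2.13]:25: 550 5.7.1 "
    "Service unavailable; client [192.0.2.13] blocked using "
    "dnsbl.example.net; from=<x@example.org>, to=<y@example.com>, "
    "proto=SMTP, helo=<[203.0.113.9]: 550 5.5.1 Protocol error;>",
    # Not a reject at all.
    P % 2 + "CONNECT from [192.0.2.12]:1234 to [198.51.100.1]:25",
    # IPv6 client.
    P % 3 + "NOQUEUE: reject: RCPT from [2001:db8::1]:42495: 550 5.5.1 "
    "Protocol error; from=<a@example.org>, to=<b@example.com>, "
    "proto=SMTP, helo=<h.example.org>",
]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LINES))
```

The second sample line shows why the content pattern is anchored: an unanchored search would pick up the address embedded in the HELO string instead of the connecting client.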