On 17/06/2024 01:46, Alex wrote:
Hi,
> BTW, I can't crack it for the moment.
OK so this isn't going to be quite so neat. You need to add a line:
^RCPT from [^[]*\[<HOST>\]%(_port)s:? 550 5\.5\.1 Protocol error;
to the mdre-normal section. Generally the recommended way is to create a
postfix.local file, but this would need to contain:
This got mangled by gmail, but I was able to copy the postfix.conf to
postfix.local and make it somewhat resemble what you pasted, and it
appears to work.
It's what I had also done originally, but had the format wrong - I
thought it more replaced the postfix.conf rather than supplement it.
mdre-normal=^RCPT from [^[]*\[<HOST>\]%(_port)s: 55[04] 5\.7\.1\s
^RCPT from [^[]*\[<HOST>\]%(_port)s: 45[04] 4\.7\.\d+
I still don't understand the difference between mdre-* and mdpr-* :-(
I struggled with that yesterday because I don't understand <F-CONTENT>
Also, how does it match 'postscreen' when the prefix doesn't contain
that phrase?
_daemon = postfix(-\w+)?/\w+(?:/smtp[ds])?
The \w+ catches one or more letters/numbers/"a few other bits like _" so
catches postscreen. I don't really see the point of (?:/smtp[ds])? as it
is optional (the trailing ?).
prefregex = ^%(__prefix_line)s<mdpr-<mode>> <F-CONTENT>.+</F-CONTENT>$
I have not managed to decode this line, but it looks like the prefregex
matches ^%(__prefix_line)s directly followed by the mdpr-* string. The
^%(__prefix_line)s matches the date, server and daemon strings.
The failregex is mdre-<mode> which has to appear after the mdre-* string
Thanks,
Alex
Someone with very detailed knowledge of regex has been playing a lot
with this filter and it makes it hard to read. Why are there so many
^[]* and what do they mean? I am sure there is a much easier way of
expressing it. Similarly there are many ?: and ?! which I think are OTT
and make it harder to read.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
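
The two-stage match discussed in this thread, as an added example that is not part of the original message and is not fail2ban's own code: the prefregex matches the line prefix plus the mdpr-* string and captures the rest as <F-CONTENT>, then the mdre-* failregex is applied to that captured text only. PREFIX_LINE, MDPR, HOST and PORT are simplified stand-ins assumed here for __prefix_line, mdpr-normal, <HOST> and %(_port)s, and the log lines are constructed.

```python
import re

# Taken from the thread: the daemon pattern and the line to add to mdre-normal.
DAEMON = r"postfix(-\w+)?/\w+(?:/smtp[ds])?"
MDRE_ADDED = r"^RCPT from [^[]*\[<HOST>\]%(_port)s:? 550 5\.5\.1 Protocol error;"

# Assumptions (simplified stand-ins, not fail2ban's real definitions):
PREFIX_LINE = r"\w{3} +\d+ [\d:]{8} \S+ " + DAEMON + r"\[\d+\]: "  # date, server, daemon[pid]
MDPR = r"\w+: reject:"                       # stand-in for mdpr-normal
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # IPv4-only stand-in for <HOST>
PORT = r"(?::\d+)?"                          # stand-in for %(_port)s

# Stage 1: prefregex, with <F-CONTENT>...</F-CONTENT> written as a named group.
PREFREGEX = re.compile("^" + PREFIX_LINE + MDPR + r" (?P<content>.+)$")
# Stage 2: failregex, with the two placeholders substituted.
FAILREGEX = re.compile(MDRE_ADDED.replace("<HOST>", HOST).replace("%(_port)s", PORT))


def offending_host(line):
    """Return the host the line would ban, or None if either stage fails."""
    pre = PREFREGEX.match(line)
    if pre is None:
        return None  # wrong daemon, or no mdpr-* string after the prefix
    fail = FAILREGEX.search(pre.group("content"))
    return fail.group("host") if fail else None


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLES = [
    # postscreen: \w+ in DAEMON matches "postscreen", host has a port suffix
    "Jun 17 01:40:02 mx1 postfix/postscreen[2211]: NOQUEUE: reject: RCPT from [192.0.2.10]:51234: 550 5.5.1 Protocol error; from=<a@example.org>, proto=ESMTP",
    # smtpd: [^[]* absorbs the "unknown" hostname before the bracket
    "Jun 17 01:40:05 mx1 postfix/smtpd[2215]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.5.1 Protocol error; from=<a@example.org>",
    # right daemon, but no mdpr-* string after the prefix
    "Jun 17 01:40:09 mx1 postfix/postscreen[2211]: CONNECT from [203.0.113.5]:40000 to [192.0.2.1]:25",
    # right message text, but not a postfix daemon
    "Jun 17 01:40:11 mx1 dovecot[900]: NOQUEUE: reject: RCPT from [203.0.113.9]:1: 550 5.5.1 Protocol error;",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(offending_host(sample), "<-", sample[:70])
```

Because the added failregex starts with ^RCPT, it only matches once the prefix has been stripped; run against a whole log line it finds nothing.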