On 2015-06-18 12:52 pm, Julio Cesar Covolato wrote:
On 18/06/2015 14:44, Wietse Venema wrote:
Some tools understand smtpd logging very well, but they need to be
updated because postscreen logging is different. Wietse
Is there any "recent" Howto or like, for fail2ban and postfix
(postscreen, sasl, user unknow, etc...)?
Regards,
-----------------------------
_ EngÂș Julio Cesar Covolato
0v0 <ju...@psi.com.br>
/(_)\ F: 55-11-3129-3366
^ ^ PSI INTERNET
-----------------------------
Here are a couple of regular expressions I've added to
/etc/fail2ban/filter.d/postfix.conf
The first catches anything blocked by RBLs in postscreen. The second
catches unauthorized relay attempts.
NOQUEUE: reject: RCPT from (.*)\[<HOST>\]:([0-9]{4,5}:)? 55[04].*Service
unavailable.*blocked using
NOQUEUE: reject: RCPT from (.*)\[<HOST>\]:([0-9]{4,5}:)? 454
4.7.1.*Relay access denied
