From: Fail2ban M. <fai...@ri...> - 2014-02-14 19:00:41
On 14.02.2014 19:28, Steven Hiscocks wrote:
> Andreas,
>
> I'd recommend updating fail2ban to the latest version, or at least
> updating the `postfix.conf`. It has a few more regex's which may help
> (554 and 550 response code regex's), and also the one you are using has
> a known exploit for denial of service (CVE-2013-7176).
>
> On 14/02/14 18:12, Fail2ban Mailingliste wrote:
>> Hi there,
>>
>> I've changed my mailserver to a recent version of postfix and changed the
>> config to postscreen. The mailserver is running fine but fail2ban didn't
>> ban the spammers after the change to postscreen.
>>
>> Here are some logs:
>>
>> [root@mail fail2ban]# fail2ban-regex /var/log/maillog
>> /etc/fail2ban/filter.d/postfix.conf
>>
>> Running tests
>> =============
>>
>> Use failregex file : /etc/fail2ban/filter.d/postfix.conf
>> Use log file : /var/log/maillog
>>
>>
>> Results
>> =======
>>
>> Failregex: 3 total
>> |- #) [# of hits] regular expression
>> | 5) [3] reject: RCPT from (.*)\[<HOST>\]:([0-9]{4,5}:)? 550
>> `-
>>
>> Ignoreregex: 0 total
>>
>> Date template hits:
>> |- [# of hits] date format
>> | [7234] MONTH Day Hour:Minute:Second
>> `-
>>
>> Lines: 7234 lines, 0 ignored, 3 matched, 7231 missed
>> Missed line(s):: too many to print. Use --print-all-missed to print all
>> 7231 lines
>> [root@mail fail2ban]#
>>
>> First question: what do the last 2 rows mean?
>> Second: there are 3 results, but no ban, why?
>>
>> Example
>> [root@mail fail2ban]# grep "NOQUEUE: reject: RCPT from
>> vm-moneyweb03.vm.hosting.co.za" /var/log/maillog | wc -l
>> 24
>>
>>
>> [root@mail fail2ban]#
>>
>> /etc/fail2ban/jail.conf
>>
>> ....
>> [postfix-tcpwrapper]
>>
>> enabled = true
>> filter = postfix
>> action = iptables[name=postfix, port=smtp, protocol=tcp]
>>          sendmail[name=Postfix, dest=pos...@ri...]
>> logpath = /var/log/maillog
>> bantime = 3600
>> maxretry = 2
>>
>> ......
>>
>> Can anybody help me to get it to work?
>>
>>
>> Thanks
>>
>> Andreas
>>
>

Hi Steven,

thank you for the fast reply. I've updated my system (CentOS 6.5) to
fail2ban-0.8.12 but the failregex didn't find anything:

[root@mail fail2ban-0.8.12]# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf

Running tests
=============

Use failregex file : /etc/fail2ban/filter.d/postfix.conf
Use log file : /var/log/maillog


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
| [7432] MONTH Day Hour:Minute:Second
`-

Lines: 7432 lines, 0 ignored, 0 matched, 7432 missed
Missed line(s):: too many to print. Use --print-all-missed to print all 7432 lines
[root@mail fail2ban-0.8.12]#

Thanks

Andreas