Re: [Fail2ban-users] Regex for Postfix

Fri, 19 Jun 2015 15:59:18 -0700 

On Sat, 20 Jun 2015 00:00:48 +0200, Tom Hendrikx stated:

>On 19-06-15 21:25, Carmel NY wrote:
>> I just started using 'fail2ban" and have not figured out how to
>> create a custom filter.
>> 
>> I am running Postfix-3.0.1 on a FreeBSD 10.1 system. My mail-log is
>> filling up with entries like this:
>> 
>> Jun 19 06:29:40 scorpio postfix/smtpd[45535]: warning: hostname 
>> abts-mum-static-025.109.170.122.airtelbroadband.in does not resolve
>> to address 122.170.109.25: hostname nor servname provided, or not
>> known
>> 
>> That is all on one line, although it is shown wrapped here.
>> 
>> "fail2ban" is not catching this. I need to create a rule that would
>> catch "hostname nor servname provided, or not known" or ""address
>> <IP>: hostname nor servname provided, or not known" for it but I am
>> not sure exactly how. I would appreciate it if someone could assist
>> me.
>> 
>
>These are warnings from postfix, they happen because the mail server
>has unexpected dns records, or because your dns setup is screwed up.
>
>While these warnings pop up more with spamming machines than with
>valid mail servers, they are not uncommon for valid senders. So don't
>block access based on these warnings.
>
>If you really want to block mail delivery for all senders that have
>DNS setup issues, you should look into the postfix config parameter
>"reject_unknown_reverse_client_hostname" or even
>"reject_unknown_client_hostname": they make postfix reject those
>connections directly.
>
>Tom

I am already using it, and postfix is rejecting the mail. What I want to do
is block the attempts completely. In this case, I added the IP to my IPFW
firewall. The IP apparently resolves to Australia. I have no legitimate mail
coming from there.

smtpd_client_restrictions = permit_mynetworks
                                                reject_unknown_client_hostname
                                                reject_unauth_pipelining
                                                permit_sasl_authenticated

-- 
Carmel

------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to