fail2ban rule for Postfix

I wrote a nice little fail2ban rule for Postfix which blocks IP addresses that try to send mail to unrecognised senders and people trying to relay. Read more to find it. ;)

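# Section: Postfix-Rejected
# Notes.:  watches the Postfix log for SMTP 550 "Recipient address rejected"
#          replies and hands the connecting client's address to fail2ban.
#          A legitimate sender who mistypes an address produces the same log
#          line, so the failure threshold should be more than one and your
#          own relays and monitoring hosts should be on fail2ban's ignore
#          list (both are configured outside this section).
[Postfix-Rejected]
# Option:  enabled
# Notes.:  enable monitoring for this section.
# Values:  [true | false]  Default:  true
#
enabled = true

# Option:  port
# Notes.:  specifies port to monitor
# Values:  [ NUM | STRING ]  Default: smtp
#
port = smtp

# Option:  logfile
# Notes.:  logfile to monitor. Must be the file that actually receives the
#          Postfix "NOQUEUE: reject" lines on this host.
# Values:  FILE  Default:  /var/log/mail.log
#
logfile = /var/log/mail.info

# Option:  timeregex
# Notes.:  regex to match timestamp in postfix logfile.
# Values:  [Mar 7 17:53:28]
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}

# Option:  timepattern
# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values:  TEXT  Default:  %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S

# Option:  failregex
# Notes.:  regex to match rejected-recipient (SMTP 550) messages in the
#          logfile. The named group "host" captures the client address shown
#          in square brackets. The group name was lost when the page was
#          rendered ("(?P\S*)" is not a valid Python regex, so the rule would
#          never load); it is restored here.
#          NOTE(review): the pattern is not anchored and the text inside
#          <...> comes from the remote client; confirm against real log
#          lines that only the connecting client's address can end up in
#          the "host" group.
# Values:  TEXT  Default:  NOQUEUE: reject: RCPT from \S*\[(?P<host>\S*)\]: 550 <\S*>: Recipient address rejected
#
failregex = NOQUEUE: reject: RCPT from \S*\[(?P<host>\S*)\]: 550 <\S*>: Recipient address rejected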

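# Section: Postfix-Deny-Relay
# Notes.:  watches the Postfix log for SMTP 554 "Recipient address rejected"
#          replies, which the author uses to catch relay attempts, and hands
#          the connecting client's address to fail2ban.
#          A misconfigured but legitimate client can also trigger 554
#          rejections, so keep your own relays and monitoring hosts on
#          fail2ban's ignore list (configured outside this section).
[Postfix-Deny-Relay]
# Option:  enabled
# Notes.:  enable monitoring for this section.
# Values:  [true | false]  Default:  true
#
enabled = true

# Option:  port
# Notes.:  specifies port to monitor
# Values:  [ NUM | STRING ]  Default: smtp
#
port = smtp

# Option:  logfile
# Notes.:  logfile to monitor. Must be the file that actually receives the
#          Postfix "NOQUEUE: reject" lines on this host.
# Values:  FILE  Default:  /var/log/mail.log
#
logfile = /var/log/mail.info

# Option:  timeregex
# Notes.:  regex to match timestamp in postfix logfile.
# Values:  [Mar 7 17:53:28]
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}

# Option:  timepattern
# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values:  TEXT  Default:  %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S

# Option:  failregex
# Notes.:  regex to match relay-denied (SMTP 554) messages in the logfile.
#          The named group "host" captures the client address shown in
#          square brackets. The group name was lost when the page was
#          rendered ("(?P\S*)" is not a valid Python regex, so the rule would
#          never load); it is restored here.
#          NOTE(review): the pattern is not anchored and the text inside
#          <...> comes from the remote client; confirm against real log
#          lines that only the connecting client's address can end up in
#          the "host" group.
# Values:  TEXT  Default:  NOQUEUE: reject: RCPT from \S*\[(?P<host>\S*)\]: 554 <\S*>: Recipient address rejected
#
failregex = NOQUEUE: reject: RCPT from \S*\[(?P<host>\S*)\]: 554 <\S*>: Recipient address rejected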

2 Responses to “fail2ban rule for Postfix”

  1. Deus Ex says:

    Thanks a lot! I’ve been looking for it forever!! :)
