Postfix

From Fail2ban
Jump to: navigation, search

Postfix is a free software / open source mail transfer agent (MTA), a computer program for the routing and delivery of email. It is intended as a fast, easy-to-administer, and secure alternative to the widely-used Sendmail MTA.

From Wikipedia, the free encyclopedia



Postfix 2.3.8 - Dovecot SASL

  • Jan 25 08:16:05 emailserver postfix/smtpd[17764]: NOQUEUE: reject: RCPT from gate.abc.com[192.0.2.1]: 550 5.1.1 <OID.Admin@example.org>: Recipient address rejected: User unknown in local recipient table; from=<sillyperson@abc.com> to=<OID.Admin@example.org> proto=ESMTP helo=<gate.example.com>
  • Jan 7 11:36:41 emailserver postfix/smtpd[13688]: warning: passwordhacker.abc.com[192.0.2.19]: SASL PLAIN authentication failed:


Failregex

The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.

Please, before editing this section, propose your changes in the discussion page first.


failregex = reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
            reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1