On 2016-07-26 19:55, Lefteris Tsintjelis wrote:
On 26 Jul 2016, at 20:36, Benny Pedersen <[email protected]> wrote:
Use fail2ban based on the PBL, but in fail2ban whitelist the ISPs you have users in.
Is log parsing the only way?
If you don't like maintained solutions, yes.
Note: keep a long blacklist time on PBL listings.
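# postfix jail.d
# Jail definitions for fail2ban: one jail per Spamhaus zen return-code group.
# Each jail reads logpath and applies the filter of the same name.

[DEFAULT]
# Space-separated IPs, CIDR ranges or DNS names that are never banned.
# Add your users' addresses here (for example the ranges of the ISPs they
# connect from). 127.0.0.1/8 on its own only protects localhost.
ignoreip = 127.0.0.1/8

# for all
# NOTE(review): keys in [DEFAULT] are inherited by every jail that does not
# override them. Confirm that maxretry = 1, this action and this logpath are
# meant for all jails on the host and not only for the four defined below.

# Ban duration in seconds (24 hours).
bantime = 86400
# Look-back window in seconds in which matches are counted.
findtime = 600
# A single matching log line triggers the ban, so one false match blocks a
# host for the whole bantime. Keep ignoreip current.
maxretry = 1
# presumably a locally defined action (action.d/shorewall-drop); not shown here
action = shorewall-drop
# NOTE(review): /var/log/messages is typically shared by many services, some
# of which log text supplied by remote clients. The filters used here should
# match only lines written by the postfix dnsblog process; a dedicated mail
# log narrows what the filters see.
logpath = /var/log/messages
logencoding = utf-8

# SBL listings; disabled.
[sbl_spamhaus_org]
enabled = false
filter = postfix_dnslog_sbl_spamhaus_org

# XBL listings; disabled.
[xbl_spamhaus_org]
enabled = false
filter = postfix_dnslog_xbl_spamhaus_org

# CSS listings; disabled.
[css_spamhaus_org]
enabled = false
filter = postfix_dnslog_css_spamhaus_org

# PBL listings; the only jail that is active.
[pbl_spamhaus_org]
enabled = true
filter = postfix_dnslog_pbl_spamhaus_org

# it can be combined into one rule with multiple filters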
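# postfix_dnslog_css_spamhaus_org.local
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match log lines reporting that a client address is listed
#         by zen.spamhaus.org with return code 127.0.0.3 (used by the
#         css_spamhaus_org jail). The lines are presumably written by the
#         postfix dnsblog service.
#         The host must be matched by a group named "host". The tag
#         "<HOST>" can be used for standard IP/hostname matching and is
#         only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# The dots are escaped and the pattern is anchored at the end of the line so
# that only this exact return code matches.
# NOTE(review): the pattern is not anchored at the start of the line or to
# the logging process. Because the jail reads a shared syslog file and bans
# on the first match, consider prefixing the pattern with the postfix dnsblog
# process tag so that text logged by other services cannot match.
failregex = addr <HOST> listed by domain zen\.spamhaus\.org as 127\.0\.0\.3\s*$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
# Disabled example that would skip lines reporting whitelist hits:
#ignoreregex = addr <HOST> listed by domain list.dnswl.org as
#              addr <HOST> listed by domain swl.spamhaus.org as
ignoreregex =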
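# postfix_dnslog_pbl_spamhaus_org.local
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match log lines reporting that a client address is listed
#         by zen.spamhaus.org with return code 127.0.0.10 or 127.0.0.11
#         (used by the pbl_spamhaus_org jail). The lines are presumably
#         written by the postfix dnsblog service.
#         The host must be matched by a group named "host". The tag
#         "<HOST>" can be used for standard IP/hostname matching and is
#         only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# Both return codes are covered by one pattern. If the value is split over
# several lines instead, every continuation line must be indented, otherwise
# the parser does not treat it as part of failregex.
# The dots are escaped and the pattern is anchored at the end of the line so
# that only these exact return codes match.
# NOTE(review): the pattern is not anchored at the start of the line or to
# the logging process. Because the jail reads a shared syslog file and bans
# on the first match, consider prefixing the pattern with the postfix dnsblog
# process tag so that text logged by other services cannot match.
failregex = addr <HOST> listed by domain zen\.spamhaus\.org as 127\.0\.0\.1[01]\s*$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
# Disabled example that would skip lines reporting whitelist hits:
# ignoreregex = addr <HOST> listed by domain list.dnswl.org as
#               addr <HOST> listed by domain swl.spamhaus.org as
ignoreregex =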
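# postfix_dnslog_sbl_spamhaus_org.local
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match log lines reporting that a client address is listed
#         by zen.spamhaus.org with return code 127.0.0.2 (used by the
#         sbl_spamhaus_org jail). The lines are presumably written by the
#         postfix dnsblog service.
#         The host must be matched by a group named "host". The tag
#         "<HOST>" can be used for standard IP/hostname matching and is
#         only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# The dots are escaped and the pattern is anchored at the end of the line so
# that only this exact return code matches.
# NOTE(review): the pattern is not anchored at the start of the line or to
# the logging process. Because the jail reads a shared syslog file and bans
# on the first match, consider prefixing the pattern with the postfix dnsblog
# process tag so that text logged by other services cannot match.
failregex = addr <HOST> listed by domain zen\.spamhaus\.org as 127\.0\.0\.2\s*$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
# Disabled example that would skip lines reporting whitelist hits:
#ignoreregex = addr <HOST> listed by domain list.dnswl.org as
#              addr <HOST> listed by domain swl.spamhaus.org as
ignoreregex =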
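# postfix_dnslog_xbl_spamhaus_org.local
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match log lines reporting that a client address is listed
#         by zen.spamhaus.org with a return code from 127.0.0.4 to 127.0.0.7
#         (used by the xbl_spamhaus_org jail). The lines are presumably
#         written by the postfix dnsblog service.
#         The host must be matched by a group named "host". The tag
#         "<HOST>" can be used for standard IP/hostname matching and is
#         only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# All four return codes are covered by one pattern. If the value is split
# over several lines instead, every continuation line must be indented,
# otherwise the parser does not treat it as part of failregex.
# The dots are escaped and the pattern is anchored at the end of the line so
# that only these exact return codes match.
# NOTE(review): the pattern is not anchored at the start of the line or to
# the logging process. Because the jail reads a shared syslog file and bans
# on the first match, consider prefixing the pattern with the postfix dnsblog
# process tag so that text logged by other services cannot match.
failregex = addr <HOST> listed by domain zen\.spamhaus\.org as 127\.0\.0\.[4-7]\s*$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
# Disabled example that would skip lines reporting whitelist hits:
#ignoreregex = addr <HOST> listed by domain list.dnswl.org as
#              addr <HOST> listed by domain swl.spamhaus.org as
ignoreregex =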
sorry for long posting