# Fail2Ban filter for selected Postfix SMTP rejections
#
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]

failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: .* Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=E?SMTP helo=<\S*>$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: .* Helo command rejected: Host not found .*$
            ^%(__prefix_line)sNOQUEUE: reject: EHLO from \S+\[<HOST>\]: .* <\S+>: Helo command rejected: need fully-qualified hostname;.*$
            ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: .* <\S*>: Sender address rejected: Domain not found; from=<\S*> to=<\S+> proto=E?SMTP helo=<\S*>$
            ^%(__prefix_line)simproper command pipelining after \S+ from \[<HOST>\]:.*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: .* Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

ignoreregex = 

[Init]

journalmatch = _SYSTEMD_UNIT=postfix.service

# Author: Cyril Jaquier
# Author: Wizardry and Steamworks