Bug ID 1036928
Summary fail2ban-rbl regex incorrect, takes no action as a result.
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware Other
OS openSUSE 42.2
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter miukumac@outlook.com
QA Contact qa-bugs@suse.de
CC plinnell@opensuse.org
Found By ---
Blocker ---

Apparently due to changes at Spamhaus, the Fail2Ban on 42.2 (and earlier) no
longer functions properly when using filter = postfix-rbl.

In filter.d/postfix-rbl.conf the following line needs to be changed:

failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

-=>

failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

The return code has changed from 454 and 4.7.1 to 554 and 5.7.1 respectively.

The issue is present in the factory version as well.
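
The mismatch described in this report can be reproduced offline with the sketch below, which is an added example and not code from the report or from the fail2ban package. PREFIX and HOST are simplified stand-ins for fail2ban's own %(__prefix_line)s and <HOST> expansions, BOTH is a hypothetical variant that accepts either reply code, and the log lines are constructed samples using documentation addresses.

```python
import re

# Assumptions: fail2ban expands %(__prefix_line)s and <HOST> itself; these
# simplified stand-ins approximate them so the check runs offline.
PREFIX = r"\w{3} +\d+ [\d:]{8} \S+ postfix/smtpd\[\d+\]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
TAIL = (r" Service unavailable; Client host \[\S+\] blocked using .* "
        r"from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$")


def build(code):
    """Compile the postfix-rbl failregex with the given reply-code fragment."""
    return re.compile("^" + PREFIX + r"NOQUEUE: reject: RCPT from \S+\["
                      + HOST + r"\]: " + code + TAIL)


OLD = build(r"454 4\.7\.1")         # pattern currently shipped
NEW = build(r"554 5\.7\.1")         # pattern proposed in this report
BOTH = build(r"[45]54 [45]\.7\.1")  # hypothetical: accept either reply code


def sample(code, ip):
    """Build a constructed Postfix RBL reject line (not real log data)."""
    return ("May  2 10:15:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT "
            f"from unknown[{ip}]: {code} Service unavailable; Client host "
            f"[{ip}] blocked using zen.spamhaus.org; "
            f"https://www.spamhaus.org/query/ip/{ip}; from=<a@example.org> "
            "to=<b@example.com> proto=ESMTP helo=<mail.example.org>")


LINES = [sample("454 4.7.1", "192.0.2.10"), sample("554 5.7.1", "198.51.100.7")]


def banned_hosts(pattern, lines):
    """Return the hosts a filter using `pattern` would hand to the ban action."""
    return [m.group("host") for m in map(pattern.search, lines) if m]


if __name__ == "__main__":
    for name, pat in (("old", OLD), ("new", NEW), ("both", BOTH)):
        print(f"{name:5} -> {banned_hosts(pat, LINES)}")
```

On a real host, running fail2ban-regex with the mail log and the filter file performs the same check using fail2ban's actual prefix and host expansion.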

