[Bug 1036928] New: fail2ban-rbl regex incorrect, takes no action as a result.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036928 Bug ID: 1036928 Summary: fail2ban-rbl regex incorrect, takes no action as a result. Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: openSUSE 42.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: miukumac@outlook.com QA Contact: qa-bugs@suse.de CC: plinnell@opensuse.org Found By: --- Blocker: --- Apparently due to changes at Spamhaus, the Fail2Ban on 42.2 (and earlier) no longer function properly when using filter = postfix-rbl In filter.d/postfix-rbl.conf the following line needs to be changed; failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ -=> failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ The return code has changed from 454 and 4.7.1 to 554 and 5.7.1 respectively. The issue is present in the factory version as well. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036928 http://bugzilla.opensuse.org/show_bug.cgi?id=1036928#c1 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |astieger@suse.com, | |chris@computersalat.de, | |jweberhofer@weberhofer.at Assignee|security-team@suse.de |jweberhofer@weberhofer.at --- Comment #1 from Andreas Stieger <astieger@suse.com> --- Assigning to maintainers -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036928 http://bugzilla.opensuse.org/show_bug.cgi?id=1036928#c2 Johannes Weberhofer <jweberhofer@weberhofer.at> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |miukumac@outlook.com Flags| |needinfo?(miukumac@outlook. | |com) --- Comment #2 from Johannes Weberhofer <jweberhofer@weberhofer.at> --- Thanks for notifying! There is a update available at https://github.com/fail2ban/fail2ban/commit/607568f5da9e6b962c43d59280d72bd6... ; I'll see to include it into the current version. @miuku it would be great if you could verify upstream's new filter works for you. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036928 http://bugzilla.opensuse.org/show_bug.cgi?id=1036928#c3 --- Comment #3 from Miuku . <miukumac@outlook.com> --- I can confirm that the updated RegExp line from Github does indeed work properly: ==> mail <== 2017-04-30T15:00:35.792861+03:00 ext-gw postfix/smtpd[1159]: NOQUEUE: reject: RCPT from unknown[14.230.81.243]: 554 5.7.1 Service unavailable; Client host [14.230.81.243] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/14.230.81.243; from=<xxxREMOVEDxxx> to=<xxxREMOVEDxxx> proto=ESMTP helo=<static.vnpt.vn> ==> fail2ban.log <== 2017-04-30 15:00:36,504 fail2ban.actions [32042]: NOTICE [postfix-rbl] Ban 14.230.81.243 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036928 http://bugzilla.opensuse.org/show_bug.cgi?id=1036928#c5 Jürgen Löhel <jloehel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |jloehel@suse.com Resolution|--- |FIXED --- Comment #5 from Jürgen Löhel <jloehel@suse.com> --- Closing as fixed. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036928 Johannes Weberhofer <jweberhofer@weberhofer.at> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(miukumac@outlook. | |com) | -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com