diff --git a/607568f.patch b/607568f.patch
new file mode 100644
index 0000000..7b55c7a
--- /dev/null
+++ b/607568f.patch
@@ -0,0 +1,34 @@
+From 607568f5da9e6b962c43d59280d72bd678c08afa Mon Sep 17 00:00:00 2001
+From: Filippo Tessarotto
+Date: Tue, 7 Feb 2017 12:58:04 +0100
+Subject: [PATCH] Postfix RBL: 554 & SMTP
+
+---
+ config/filter.d/postfix-rbl.conf | 2 +-
+ fail2ban/tests/files/logs/postfix-rbl | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/config/filter.d/postfix-rbl.conf b/config/filter.d/postfix-rbl.conf
+index c3f8c33..0a9078f 100644
+--- a/config/filter.d/postfix-rbl.conf
++++ b/config/filter.d/postfix-rbl.conf
+@@ -12,7 +12,7 @@ before = common.conf
+
+ _daemon = postfix(-\w+)?/smtpd
+
+-failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
++failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: [45]54 [45]\.7\.1 Service unavailable; Client host \[\S+\] blocked\b
+
+ ignoreregex =
+
+diff --git a/fail2ban/tests/files/logs/postfix-rbl b/fail2ban/tests/files/logs/postfix-rbl
+index eff01bf..6aeac03 100644
+--- a/fail2ban/tests/files/logs/postfix-rbl
++++ b/fail2ban/tests/files/logs/postfix-rbl
+@@ -3,3 +3,6 @@ Dec 30 18:19:15 xxx postfix/smtpd[1574]: NOQUEUE: reject: RCPT from badguy.examp
+
+ # failJSON: { "time": "2004-12-30T18:19:15", "match": true , "host": "93.184.216.34" }
+ Dec 30 18:19:15 xxx postfix-incoming/smtpd[1574]: NOQUEUE: reject: RCPT from badguy.example.com[93.184.216.34]: 454 4.7.1 Service unavailable; Client host [93.184.216.34] blocked using rbl.example.com; http://www.example.com/query?ip=93.184.216.34; from= to= proto=ESMTP helo=
++
++# failJSON: { "time": "2005-02-07T12:25:45", "match": true , "host": "87.236.233.182" }
++Feb 7 12:25:45 xxx12345 postfix/smtpd[13275]: NOQUEUE: reject: RCPT from unknown[87.236.233.182]: 554 5.7.1 Service unavailable; Client host [87.236.233.182] blocked using rbl.example.com; https://www.example.com/query/ip/87.236.233.182; from= to= proto=SMTP helo=
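Review bot: The new failregex in the embedded postfix-rbl.conf hunk writes the reply code as `[45]54 [45]\.7\.1`, which also accepts the mismatched pairs `454 5.7.1` and `554 4.7.1`; `(?:454 4|554 5)\.7\.1` would keep it to the two forms the test log covers. Ending the pattern at `blocked\b` instead of `$` looks safe, because the line is still anchored at `^%(__prefix_line)s` and the bracketed client address comes before the client-supplied from/to/helo fields. That reasoning deserves a comment above the rule, for example `# tail after "blocked" is left unmatched on purpose: RBL text, proto and helo vary`. The `\[\]` after `\S+` appears to have lost its `<HOST>` tag in this rendering, so compare against the upstream commit before copying the expression.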
diff --git a/fail2ban-0.9.6.tar.gz b/fail2ban-0.9.6.tar.gz
deleted file mode 100644
index d7ff1b1..0000000
--- a/fail2ban-0.9.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1712e4eda469513fb2f44951957a4159e0fa62cb9da16ed48e7f4f4037f0b976
-size 352125
diff --git a/fail2ban-0.9.7.tar.gz b/fail2ban-0.9.7.tar.gz
new file mode 100644
index 0000000..7ebfa3a
--- /dev/null
+++ b/fail2ban-0.9.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2817eb0d4f670bef2a79a5a9cfb824b41a4445f5a92a307a453ac95f497c7440
+size 356374
diff --git a/fail2ban.changes b/fail2ban.changes
index be3169a..9758e20 100644
--- a/fail2ban.changes
+++ b/fail2ban.changes
@@ -1,3 +1,52 @@
+-------------------------------------------------------------------
+Mon May 15 12:11:23 UTC 2017 - jweberhofer@weberhofer.at
+
+- added 607568f.patch from upstream: "Postfix RBL: 554 & SMTP"
+ this fixes bnc#1036928 " fail2ban-rbl regex incorrect, takes no
+ action as a result"
+
+- Update to 0.9.7
+ * Fixed a systemd-journal handling in fail2ban-regex
+ (gh#fail2ban/fail2ban#1657)
+ * filter.d/sshd.conf
+ - Fixed non-anchored part of failregex (misleading match of colon inside
+ IPv6 address instead of `: ` in the reason-part by missing space,
+ gh#fail2ban/fail2ban#1658)
+ (0.10th resp. IPv6 relevant only, amend for gh#fail2ban/fail2ban#1479)
+ * config/pathes-freebsd.conf
+ - Fixed filenames for apache and nginx log files (gh#fail2ban/fail2ban#1667)
+ * filter.d/exim.conf
+ - optional part `(...)` after host-name before `[IP]`
+ (gh#fail2ban/fail2ban#1751)
+ - new reason "Unrouteable address" for "rejected RCPT" regex
+ (gh#fail2ban/fail2ban#1762)
+ - match of complex time like `D=2m42s` in regex "no MAIL in SMTP
+ connection" (gh#fail2ban/fail2ban#1766)
+ * filter.d/sshd.conf
+ - new aggressive rules (gh#fail2ban/fail2ban#864):
+ - Connection reset by peer (multi-line rule during authorization process)
+ - No supported authentication methods available
+ - single line and multi-line expression optimized, added optional prefixes
+ and suffix (logged from several ssh versions), according
+ to gh#fail2ban/fail2ban#1206;
+ - fixed expression received disconnect auth fail (optional space after port
+ part, gh#fail2ban/fail2ban#1652)
+ and suffix (logged from several ssh versions), according to gh#fail2ban/fail2ban#1206;
+ * filter.d/suhosin.conf
+ - greedy catch-all before `` fixed (potential vulnerability)
+ * filter.d/cyrus-imap.conf
+ - accept entries without login-info resp. hostname before IP address (#fail2ban/fail2ban#707)
+ * Filter tests extended with check of all config-regexp, that contains greedy catch-all
+ before ``, that is hard-anchored at end or precise sub expression after ``
+
+* New Actions:
+ - action.d/netscaler: Block IPs on a Citrix Netscaler ADC (gh#fail2ban/fail2ban#1663)
+
+* New Filters:
+ - filter.d/domino-smtp: IBM Domino SMTP task (gh#fail2ban/fail2ban#1603)
+
+* Introduced new log-level `MSG` (as INFO-2, equivalent to 18)
+
 -------------------------------------------------------------------
 Sun Mar 5 12:56:10 UTC 2017 - wagner-thomas@gmx.at
diff --git a/fail2ban.spec b/fail2ban.spec
index c87e571..6837371 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -17,7 +17,7 @@
 Name: fail2ban
-Version: 0.9.6
+Version: 0.9.7
 Release: 0
 Summary: Bans IP addresses that make too many authentication failures
 License: GPL-2.0+
@@ -37,6 +37,8 @@ Source200: %{name}-rpmlintrc
 Patch100: %{name}-opensuse-locations.patch
 # PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file
 Patch101: %{name}-opensuse-service.patch
+# PATCH-UPSTREAM 607568f.patch bnc#1036928 jweberhofer@weberhofer.at -- Postfix RBL: 554 & SMTP
+Patch102: 607568f.patch
 # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases
 Patch200: %{name}-disable-iptables-w-option.patch
 BuildRequires: fdupes
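Review bot: The comment added above `Patch102` uses the tag `PATCH-UPSTREAM`, which does not follow the `PATCH-FIX-...` form of the neighbouring entries; for a backported upstream fix the usual spelling is `# PATCH-FIX-UPSTREAM 607568f.patch bnc#1036928 ...`. The file is also named by a bare short hash while the other patches carry the `%{name}-` prefix, so a descriptive name such as `%{name}-postfix-rbl-554.patch` (a suggested name, not one from this commit) would say what it changes without opening it. The matching `%patch102 -p1` line is in the last hunk of this file and would need the same rename.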
@@ -97,8 +99,8 @@ reason, i.e. SFW will always run first because it does a table flush.
 %define nagios_plugindir %{_libexecdir}/nagios/plugins
 Summary: Check fail2ban server and how many IPs are currently banned
 Group: System/Monitoring
-Provides: nagios-plugins-%{name}=%{version}
-Obsoletes: nagios-plugins-%{name}<%{version}
+Provides: nagios-plugins-%{name} = %{version}
+Obsoletes: nagios-plugins-%{name} < %{version}
 %description -n monitoring-plugins-%{name}
 This plugin checks if the fail2ban server is running and how many IPs are
@@ -119,6 +121,7 @@ sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf
 %patch100
 %patch101
+%patch102 -p1
 %if 0%{?suse_version} < 1310
 %patch200 -p1
 %endif