postfix smtpd_client_port_logging=yes

Issue #150 new
Former user created an issue

Postfix has a "smtpd_client_port_logging" main.cf option which as you'd guess logs the source port (which can be handy if you need to trace an origin in NAT logs or through CGN port ranges), but sshguard's current rules don't support it.

Here are some src/parser/tests.txt tests to cover them:

2022-04-14T00:36:03.150Z mailhub postfix/smtps/smtpd[30543]: warning: unknown[122.166.249.154]:48123: SASL LOGIN authentication failed: UGFzc3dvcmQ6
260 122.166.249.154 4 10
M
2022-04-14T00:16:57.566Z mailhub postfix/smtps/smtpd[90800]: lost connection after AUTH from 201.130.128.222.ded.telnor.net[201.130.128.222]:59123
260 201.130.128.222 4 10
M

This change covers the (probably more important) case of SASL auth failure:

-<postfix_loginerr>"]: SASL "[-A-Z0-9]+" authentication fail".*    { BEGIN(INITIAL); return POSTFIX_SASL_LOGINERR_SUFF; }
+<postfix_loginerr>"]:"([0-9:]*)?" SASL "[-A-Z0-9]+" authentication fail".*    { BEGIN(INITIAL); return POSTFIX_SASL_LOGINERR_SUFF; }
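Review bot: on the added `<postfix_loginerr>` line, `([0-9:]*)?` is looser than a port suffix needs. The trailing `?` is redundant on a group that already matches the empty string, and the class accepts any run of digits and colons (for example `::` or `1:2:3:`) between `]:` and ` SASL`. Consider `"]:"([0-9]{1,5}":")?" SASL "` so that only a single 1 to 5 digit port followed by a colon is accepted, and keep a port-less SASL line in src/parser/tests.txt beside the new one so both log forms stay covered.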

I haven't figured out a suitable change for "lost connection after AUTH from" yet.
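A Python model of the optional-port matching discussed in this issue, added here as an example (not part of the original issue and not sshguard's flex/yacc code): it parses both test lines with and without the `:port` suffix. The regexes, the `parse` helper, and the port-less and malformed sample lines are assumptions constructed for illustration.

```python
import re

# Illustrative Python regexes, not sshguard's parser rules.
# Postfix logs the client as host[addr]; with smtpd_client_port_logging=yes
# a ":<port>" suffix follows the closing bracket.
ADDR = r"\[(?P<addr>[0-9A-Fa-f:.]+)\]"
PORT = r"(?::(?P<port>[0-9]{1,5}))?"   # optional, exactly one port
HOST = r"[^\s\[]*"                      # "unknown" or a reverse-DNS name
PREFIX = r"postfix/\S*smtpd\[\d+\]: "

SASL_FAIL = re.compile(
    PREFIX + r"warning: " + HOST + ADDR + PORT
    + r": SASL [-A-Z0-9]+ authentication fail"
)
LOST_AFTER_AUTH = re.compile(
    PREFIX + r"lost connection after AUTH from " + HOST + ADDR + PORT + r"\s*$"
)

def parse(line):
    """Return (address, port or None) for a matching line, else None."""
    for rx in (SASL_FAIL, LOST_AFTER_AUTH):
        m = rx.search(line)
        if m:
            port = m.group("port")
            if port is not None and int(port) > 65535:
                return None             # digits present but not a valid port
            return m.group("addr"), (int(port) if port else None)
    return None

# The two test lines from the issue.
PAGE_SASL = ("2022-04-14T00:36:03.150Z mailhub postfix/smtps/smtpd[30543]: "
             "warning: unknown[122.166.249.154]:48123: SASL LOGIN "
             "authentication failed: UGFzc3dvcmQ6")
PAGE_LOST = ("2022-04-14T00:16:57.566Z mailhub postfix/smtps/smtpd[90800]: "
             "lost connection after AUTH from "
             "201.130.128.222.ded.telnor.net[201.130.128.222]:59123")
# Constructed variants: port logging off, and a malformed colon run.
NOPORT_SASL = PAGE_SASL.replace("]:48123:", "]:")
NOPORT_LOST = PAGE_LOST.replace("]:59123", "]")
BAD_COLONS = PAGE_SASL.replace("]:48123:", "]::::")
BAD_PORT = PAGE_LOST.replace("]:59123", "]:99999")

if __name__ == "__main__":
    for name in ("PAGE_SASL", "PAGE_LOST", "NOPORT_SASL",
                 "NOPORT_LOST", "BAD_COLONS", "BAD_PORT"):
        print(name, parse(globals()[name]))
```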
