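--- a/regex.custom.pm
+++ b/regex.custom.pm
@@ -267,6 +267,13 @@ if (($config{LF_SMTPAUTH}) and ($globlogs{SMTPAUTH_LOG}{$lgfile}) and ($line =~
 if (&checkip($ip)) {return ("Email Spam: blocked using $4","$ip|$acc","Email Spam - Spoofing")} else {return}
 }
 
+# Helo command rejected: Host not found
+if (($config{LF_SMTPAUTH}) and ($globlogs{SMTPAUTH_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(\S+)\]: 450 4\.7\.1 (\S+): (Helo command rejected: Host not found)/)) {
+$ip = $1; $acc = "";
+$ip =~ s/^::ffff://;
+if (&checkip($ip)) {return ("$3","$ip|$acc","Spoofing")} else {return}
+}
+
 # If the matches in this file are not syntactically correct for perl then lfd
 # will fail with an error. You are responsible for the security of any regex
 # expressions you use. Remember that log file spoofing can exploit poorly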
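Review bot: The rule added at new line 271 triggers on a `450 4.7.1` reply, which is a temporary rejection, so a legitimate mail server whose HELO name does not resolve (or, presumably, any sender while this host's resolver is failing) will retry and can accumulate hits until it is blocked. The "Spoofing" label also claims more than an unresolvable HELO name shows. I would record that in the comment above the rule, e.g. `# NOTE: 450 is a temp-fail; legitimate senders retry, so allow-list known relays before enabling`. The pattern is anchored at `^`, which fits the log-spoofing warning in the file's trailing comment, but the second group captures the client-supplied HELO name and is never used, and the address group `\[(\S+)\]` leans entirely on `checkip` to reject junk. Writing it as `\[([^\]\s]+)\]` and leaving the HELO field as a bare `\S+` (the reason text then becomes `$2`) would be tighter.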