Le mercredi 1 janvier 2020 10:27:02 CET siefke_listen@web.de a écrit :
I have fail2ban installed but there is nothing happen with. Okay is connect and disconnect. No error message. I not understand why is so but is ok.
Is there a way to cat this mess and write it automated to iptables? Is there other way to catch it with a tool? Would be great have someone an idea here.
As far as I understand, you want to automate blocking IPV4 addresses to access the submission port too often. If you install xtables-addons, this may help : iptables -A INPUT -p tcp -d 587 -i eth0 -m state --state NEW -m recent --name XT_SUB --set iptables -A INPUT -p tcp -d 587 -i eth0 -m state --state NEW -m recent --name XT_SUB --update --seconds 180 --hitcount 5 --rttl -j DROP Adapt -i to your system, and tune --seconds plus --hitcount to your requirements. iptables -m recent --help for more information. It's quite complex. I've got rather good results with this. But you may also block yourself or other legitimate access. This may not fit large professional setups, rather your own postfix instance for personal use. Regards.