[arch-general] Automated check log and block postfix

SET set at nmset.info
Wed Jan 1 10:48:20 UTC 2020

Le mercredi 1 janvier 2020 10:27:02 CET siefke_listen at web.de a écrit :
> I have fail2ban installed but there is nothing happen with. Okay is connect
> and disconnect. No error message. I not understand why is so but is ok.
> Is there a way to cat this mess and write it automated to iptables? Is
> there other way to catch it with a tool? Would be great have someone
> an idea here.

As far as I understand, you want to automate blocking  IPV4 addresses to 
access the submission port too often.

If you install xtables-addons, this may help :

iptables -A INPUT -p tcp -d 587 -i eth0 -m state --state NEW -m recent --name 
XT_SUB --set
iptables -A INPUT -p tcp -d 587 -i eth0 -m state --state NEW -m recent --name 
XT_SUB --update --seconds 180 --hitcount 5 --rttl -j DROP

Adapt -i to your system, and tune --seconds plus --hitcount to your 

iptables -m recent --help

for more information. It's quite complex.

I've got rather good results with this. But you may also block yourself or 
other legitimate access. This may not fit large professional setups, rather 
your own postfix instance for personal use.


More information about the arch-general mailing list