[arch-general] Automated check log and block postfix
SET
set at nmset.info
Wed Jan 1 10:48:20 UTC 2020
Le mercredi 1 janvier 2020 10:27:02 CET siefke_listen at web.de a écrit :
> I have fail2ban installed but there is nothing happen with. Okay is connect
> and disconnect. No error message. I not understand why is so but is ok.
>
> Is there a way to cat this mess and write it automated to iptables? Is
> there other way to catch it with a tool? Would be great have someone
> an idea here.
>
As far as I understand, you want to automate blocking IPV4 addresses to
access the submission port too often.
If you install xtables-addons, this may help :
iptables -A INPUT -p tcp -d 587 -i eth0 -m state --state NEW -m recent --name
XT_SUB --set
iptables -A INPUT -p tcp -d 587 -i eth0 -m state --state NEW -m recent --name
XT_SUB --update --seconds 180 --hitcount 5 --rttl -j DROP
Adapt -i to your system, and tune --seconds plus --hitcount to your
requirements.
iptables -m recent --help
for more information. It's quite complex.
I've got rather good results with this. But you may also block yourself or
other legitimate access. This may not fit large professional setups, rather
your own postfix instance for personal use.
Regards.
More information about the arch-general
mailing list