Fail2ban, POSTFIX and SPAM

Very simple solution:
1) add rule to /etc/fail2ban/jail.conf:

[spam]
enabled = true
filter = spam
action = iptables[name=SPAM, port=smtp, protocol=tcp]
         sendmail-whois[name=SPAM, dest=email@your.domain.com, sender=fail2ban@your.domain.com]
logpath = /var/log/mail.log
bantime = 3600
ignoreip = 127.0.0.1 xxx.xxx.xxx.xxx/xx
maxretry = 2

2) create filter /etc/fail2ban/filter.d/spam.conf:

[Definition]
failregex = : NOQUEUE: reject: RCPT from [-._\w]+\[<HOST>\]: 554 5.7.1 Service unavailable; Client host .* blocked using.*;
ignoreregex =

3) optionally change /etc/fail2ban/action.d/iptables.conf so that a ban drops only the jail's protocol and port instead of all traffic from the banned IP:

#actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionban = iptables -I fail2ban-<name> 1 -s <ip> -p <protocol> --dport <port> -j DROP

#actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -p <protocol> --dport <port> -j DROP

4) restart fail2ban.
5) enjoy!
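
To check what the filter and jail above will actually catch before relying on them, the failregex can be exercised against sample log lines. The following is an added example, not part of the original post: the log lines, the DNSBL name dnsbl.example.org, the helper names and the IPv4-only replacement for <HOST> are assumptions, and findtime and CIDR ranges in ignoreip are not modelled.

```python
import re
from collections import Counter

# failregex copied from spam.conf; maxretry and ignoreip from the [spam] jail.
FAILREGEX = (r": NOQUEUE: reject: RCPT from [-._\w]+\[<HOST>\]: 554 5.7.1 "
             r"Service unavailable; Client host .* blocked using.*;")
MAXRETRY = 2
IGNOREIP = {"127.0.0.1"}  # simplification: exact match only, no CIDR ranges

# Assumption: IPv4-only stand-in for fail2ban's own <HOST> expansion.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))

def sample(name, ip, reason):
    """Build one constructed mail.log line (not real log data)."""
    return ("Jan 10 10:00:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
            f"{name}[{ip}]: {reason}; from=<a@example.net> to=<b@example.com>")

def dnsbl(ip):
    """Rejection text in the shape the failregex expects."""
    return (f"554 5.7.1 Service unavailable; Client host [{ip}] "
            "blocked using dnsbl.example.org")

# Constructed input using RFC 5737 documentation addresses.
SAMPLE_LOG = [
    sample("unknown", "203.0.113.7", dnsbl("203.0.113.7")),
    sample("mail.example.net", "203.0.113.7", dnsbl("203.0.113.7")),
    sample("unknown", "198.51.100.20", dnsbl("198.51.100.20")),
    # Same 554 5.7.1 code but a different reason: the filter must not count it.
    sample("unknown", "192.0.2.55", "554 5.7.1 <b@example.com>: Relay access denied"),
    sample("localhost", "127.0.0.1", dnsbl("127.0.0.1")),  # covered by ignoreip
]

def failures_per_host(lines):
    """Count failregex hits per source address, skipping ignoreip entries."""
    hits = Counter()
    for line in lines:
        m = PATTERN.search(line)  # unanchored search: the regex starts mid-line
        if m and m.group("host") not in IGNOREIP:
            hits[m.group("host")] += 1
    return hits

def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts whose hit count reaches maxretry."""
    return sorted(h for h, n in failures_per_host(lines).items() if n >= maxretry)

if __name__ == "__main__":
    print(dict(failures_per_host(SAMPLE_LOG)), "would ban:", hosts_to_ban(SAMPLE_LOG))
```

On a host with fail2ban installed, fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/spam.conf runs the real filter against the real log.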
