HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   postfix unauthorised connection (http://www.howtoforge.com/forums/showthread.php?t=60768)

pawan 2nd March 2013 10:16

postfix unauthorised connection
 
This type of lines appear frequently in mail.log

Code:

Mar 2 13:21:59 server1 postfix/smtpd[13724]: 327182100710: client=postwall04.smp.mweb.co.za[196.28.76.24]
Mar 2 13:21:59 server1 postfix/smtpd[13724]: disconnect from postwall04.smp.mweb.co.za[196.28.76.24]

Code:

Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max connection rate 1/60s for (smtp:110.205.36.26) at Mar 2 13:23:23
Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max connection count 1 for (smtp:110.205.36.26) at Mar 2 13:23:23
Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max message rate 1/60s for (smtp:196.28.76.24) at Mar 2 13:21:58

How can I block such connections?

florian030 2nd March 2013 13:32

You can add the IP to your firewall. Iīm not sure how you can setup this with your shown log-entries. I use postfix with postscreen and add blocked IPs to the firewall using syslog-ng. This could be done also with rsyslog.

pawan 2nd March 2013 14:41

Thanks, I am using fail2ban.
But no idea, what regex I should use to ban these occurrences.

florian030 2nd March 2013 14:53

As mentioned above you canīt use these log-lines (just connect and disconnect) with fail2ban. Otherwise you will block EVERY connection. You better give postscreen a try.... http://blog.schaal-24.de/?p=661&lang=en


All times are GMT +2. The time now is 01:37.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.