I think it's working.
I am running the new Debian (Lenny).
apt-get install fail2ban, then edit and add a filter.
All I did was edit the stock file and add in an additional jail.
Here is what I did in my jail.conf file. You can note the regular postfix entry above mine. I just copied that one, added my name and set retries to 3 (make sure you enable it):
Quote:
[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
[postfix-spamers550]
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 3
I called it postfix-spamers550; I sorta wanted a name that represents it best. It will refine over time. Then I copied the regular postfix filter in the
directory and resaved it as
Here it is:
Quote:
# Fail2Ban configuration file
#
# Author: Michael Angel
#
# $Revision: 1 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the Recipient address rejected: User unknown in
# local recipient table failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
#
failregex = reject: RCPT from (.*)\[<HOST>\]: 550
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Nice and simple. Then I restarted everything.
Now I have one domain that gets hit like crazy, and I moved it over to this test server and have had it running for at least an hour now, and traffic has slowed down. I mean I can actually cat the mail.log | tail the end of it and it does not move like it did.
I am still worried that there is something I am not thinking of that blocking after 3 tries is gonna cause.
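As an added example (not code from the post above or from fail2ban itself), here is a small Python script that does what the filter and jail do on paper: it expands the `<HOST>` tag to the alias the filter's comment quotes, runs the post's `failregex` over some constructed postfix log lines, counts 550 rejections per client host, and lists the hosts that would hit `maxretry = 3`. The log lines are made up to look like a "User unknown in local recipient table" rejection; they are not real traffic. It ignores `findtime` and `ignoreregex`, so it shows only which lines the regex catches and which host each one is charged to.

```python
import re
from collections import Counter

# fail2ban substitutes this alias for the <HOST> tag (quoted from the filter's
# own comment block); the optional prefix strips an IPv4-mapped IPv6 "::ffff:".
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"

# The failregex from the postfix-spamers550 filter, with <HOST> expanded the
# way fail2ban expands it before compiling.
FAILREGEX = re.compile(r"reject: RCPT from (.*)\[" + HOST_ALIAS + r"\]: 550")

MAXRETRY = 3  # the jail's maxretry = 3

# Constructed sample lines (not real traffic) in the shape of a postfix
# "Recipient address rejected: User unknown" 550, plus two non-matching lines.
SAMPLE_LOG = [
    "Jan  5 10:01:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: "
    "550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table; "
    "from=<a@example.net> to=<nobody@example.org> proto=ESMTP helo=<x>",
    "Jan  5 10:01:03 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: "
    "550 5.1.1 <nobody2@example.org>: Recipient address rejected: User unknown in local recipient table; "
    "from=<a@example.net> to=<nobody2@example.org> proto=ESMTP helo=<x>",
    # Same client seen as an IPv4-mapped IPv6 address; the alias folds it back.
    "Jan  5 10:01:04 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[::ffff:192.0.2.10]: "
    "550 5.1.1 <nobody3@example.org>: Recipient address rejected: User unknown in local recipient table; "
    "from=<a@example.net> to=<nobody3@example.org> proto=ESMTP helo=<x>",
    # A real mail server that got one recipient wrong: one match, not banned.
    "Jan  5 10:02:00 mx postfix/smtpd[1235]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.7]: "
    "550 5.1.1 <typo@example.org>: Recipient address rejected: User unknown in local recipient table; "
    "from=<b@example.com> to=<typo@example.org> proto=ESMTP helo=<mail.example.com>",
    # A 454 relay denial: not a 550, so the filter does not count it.
    "Jan  5 10:03:00 mx postfix/smtpd[1236]: NOQUEUE: reject: RCPT from relay.example.com[203.0.113.5]: "
    "454 4.7.1 <u@example.org>: Relay access denied; from=<c@example.com> to=<u@example.org> proto=ESMTP helo=<r>",
    # Ordinary queue activity: no match.
    "Jan  5 10:04:00 mx postfix/qmgr[1237]: 4F2A1: from=<ok@example.com>, size=1234, nrcpt=1 (queue active)",
]


def match_host(line):
    """Return the client host a line's 550 rejection is charged to, or None."""
    m = FAILREGEX.search(line)
    return m.group("host") if m else None


def count_failures(lines):
    """Count matching 550 rejections per client host, as a jail does within
    its findtime window (timestamps are ignored in this example)."""
    counts = Counter()
    for line in lines:
        host = match_host(line)
        if host is not None:
            counts[host] += 1
    return counts


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts whose match count reached maxretry and would be banned."""
    counts = count_failures(lines)
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for host, n in sorted(count_failures(SAMPLE_LOG).items()):
        print(f"{host}: {n} x 550")
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

Running it shows 192.0.2.10 at three matches (the `::ffff:` line is folded into the same host by the alias) and 198.51.100.7 at one, so only the first would be banned; the 454 and queue lines never match. Since the regex counts any 550 on RCPT from a host, a legitimate server that tries three bad recipients within the jail's findtime would also reach `maxretry = 3`, which is the kind of side effect worth checking in `fail2ban.log` after the jail has run for a while.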