View Single Post
  #11  
Old 11th June 2009, 17:10
davew davew is offline
Junior Member
 
Join Date: May 2009
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default

You can set something similar up with fail2ban using the supplied postfix filter assuming you are running fail2ban,

In /etc/fail2ban/jail.conf add something like the following...
Code:
[postfix-tcpwrapper]

enabled  = true
filter   = postfix
action   = hostsdeny
           sendmail[name=Postfix, dest=you@yourdomain.net]
logpath  = /var/log/maillog
maxretry = 3
bantime  = 900
findtime  = 900
then restart fail2ban

Code:
service fail2ban restart
This will block access to all services on your server for 15 minutes to anyone who tries to send mail to 3 unknown recipients within a 15 minute period.
Obviously you can tweak the settings to suit your own preferences.

Don't forget to change the email address for notifications and maybe add known safe IPs to the
Code:
ignoreip = 127.0.0.1
value near the top of the file.
Reply With Quote
Sponsored Links