how to block ips from mail server

Discussion in 'Installation/Configuration' started by pawan, Nov 23, 2011.

  1. pawan

    pawan New Member

    I have blocked an IP using
    route add -host 121.35.76.51 reject

    but the same IP is still showing repeatedly in mail warn log for the login attempts like
    Nov 23 03:57:20 server1 postfix/smtpd[27250]: warning: unknown[121.35.76.51]: SASL LOGIN authentication failed: authentication failure
    Nov 23 03:57:21 server1 postfix/smtpd[27250]: warning: 121.35.76.51: hostname 51.76.35.121.broad.sz.gd.dynamic.163data.com.cn verification failed: No address associated with hostname
    Nov 23 03:57:23 server1 postfix/smtpd[27250]: warning: unknown[121.35.76.51]: SASL LOGIN authentication failed: authentication failure
    Nov 23 03:57:24 server1 postfix/smtpd[27250]: warning: 121.35.76.51: hostname 51.76.35.121.broad.sz.gd.dynamic.163data.com.cn verification failed: No address associated with hostname


    Please help.
     
  2. pititis

    pititis Member

    You can use iptables:

    iptables -A INPUT -s 121.35.76.51 -j DROP

    or use fail2ban, it block automatically.

    Cheers
     
  3. pawan

    pawan New Member

    I am already using fail2ban. but I think before fail2ban acts, the attempts to login runs in 100s of attempts, how can I set a rule that any failed attempts are acted upon immediately for say 5 failed attempts.
    Thanks
     
  4. falko

    falko Super Moderator

    You can set the number of failed login attempts in your fail2ban configuration (in the /etc/fail2ban/ directory).
     

Share This Page