Accueil > Logiciel, Réseau > Fail2ban, POSTFIX and SPAM

Fail2ban, POSTFIX and SPAM

28/01/2014 Categories: Logiciel, Réseau Tags: , , , , ,

source: deribin.com

Very simple solution:
1) add rule to /etc/fail2ban/jail.conf:

[spam] enabled = true
filter = spam
action = iptables[name=SPAM, port=smtp, protocol=tcp] sendmail-whois[name=SPAM, dest=email@your.doamin.com, sender=fail2ban@your.domain.com] logpath = /var/log/mail.log
bantime = 3600
ignoreip = 127.0.0.1 xxx.xxx.xxx.xxx/xx
maxretry = 2

2) create filer /etc/fail2ban/filter.d/spam.conf :

[Definition] failregex = : NOQUEUE: reject: RCPT from [-._\w]+\[<HOST>\]: 554 5.7.1 Service unavailable; Client host .* blocked using.*;
ignoreregex =

3) optional change /etc/fail2ban/action.d/iptables.conf:

#actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionban = iptables -I fail2ban-<name> 1 -s <ip> -p <protocol> --dport <port> -j DROP

#actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -p <protocol> –dport <port> -j DROP

4) restart fail2ban.
5) enjoy!

Print Friendly, PDF & Email

Related Post

Les commentaires sont fermés.