Fail2ban, POSTFIX and SPAM
source: deribin.com
Very simple solution:
1) add rule to /etc/fail2ban/jail.conf:
[spam]
enabled = true
filter = spam
action = iptables[name=SPAM, port=smtp, protocol=tcp]
         sendmail-whois[name=SPAM, dest=email@your.domain.com, sender=fail2ban@your.domain.com]
logpath = /var/log/mail.log
bantime = 3600
ignoreip = 127.0.0.1 xxx.xxx.xxx.xxx/xx
maxretry = 2
2) create the filter /etc/fail2ban/filter.d/spam.conf:
[Definition]
failregex = : NOQUEUE: reject: RCPT from [-._\w]+\[<HOST>\]: 554 5.7.1 Service unavailable; Client host .* blocked using.*;
ignoreregex =
3) optionally, change /etc/fail2ban/action.d/iptables.conf so that the ban covers only the jail's protocol and port instead of all traffic from the host:
#actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionban = iptables -I fail2ban-<name> 1 -s <ip> -p <protocol> --dport <port> -j DROP
#actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -p <protocol> --dport <port> -j DROP
4) restart fail2ban.
5) enjoy!
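
To check which log lines the filter from step 2 catches and when maxretry = 2 would trigger a ban, here is an added example (not part of the original post). The log lines are constructed, the DNSBL name dnsbl.example is a placeholder, and <HOST> is replaced by a simplified IPv4-only pattern, which is an assumption and not fail2ban's full expansion.

```python
import re
from collections import Counter

# failregex copied from spam.conf above; only <HOST> is substituted.
FAILREGEX = (r": NOQUEUE: reject: RCPT from [-._\w]+\[<HOST>\]: 554 5.7.1 "
             r"Service unavailable; Client host .* blocked using.*;")
# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Constructed sample lines in Postfix mail.log style (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 03:12:01 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 554 5.7.1 Service unavailable; Client host [192.0.2.15] blocked using dnsbl.example; listed; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<x>
Jan 10 03:12:40 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.15]: 554 5.7.1 Service unavailable; Client host [192.0.2.15] blocked using dnsbl.example; listed; from=<a@example.net> to=<c@example.org> proto=ESMTP helo=<x>
Jan 10 03:13:02 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using dnsbl.example; listed; from=<d@example.net> to=<b@example.org> proto=ESMTP helo=<y>
Jan 10 03:13:05 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <c@example.com>: Relay access denied; from=<d@example.net> to=<c@example.com> proto=ESMTP helo=<y>
Jan 10 03:14:10 mx postfix/smtpd[2220]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 Service unavailable; Client host [127.0.0.1] blocked using dnsbl.example; listed; from=<e@example.net> to=<b@example.org> proto=ESMTP helo=<z>
Jan 10 03:14:30 mx postfix/smtpd[2220]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 Service unavailable; Client host [127.0.0.1] blocked using dnsbl.example; listed; from=<e@example.net> to=<c@example.org> proto=ESMTP helo=<z>
""".splitlines()


def failures(lines, ignoreip=("127.0.0.1",)):
    """Count failregex hits per client IP, skipping ignoreip entries."""
    hits = Counter()
    for line in lines:
        m = PATTERN.search(line)
        if m and m.group("host") not in ignoreip:
            hits[m.group("host")] += 1
    return hits


def would_ban(lines, maxretry=2):
    """Hosts whose hit count reaches maxretry (findtime is not modelled)."""
    return sorted(h for h, n in failures(lines).items() if n >= maxretry)


if __name__ == "__main__":
    print(dict(failures(SAMPLE_LOG)), would_ban(SAMPLE_LOG))
```

On the server itself, fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/spam.conf runs the real filter against the real log.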