Wednesday, April 24, 2013

Block frequently spamming IPs with fail2ban and iptables

1. Install fail2ban
2. Modify jail.conf

[postfix-iptables]
enabled  = true
filter   = postfix
action   = iptables[name=Postfix, port=smtp, protocol=tcp]
           sendmail[name=Postfix, dest=alertmailaddress@yourdomain.com]
logpath  = /var/log/maillog
bantime  = 3600
findtime = 300
maxretry = 3

3. Modify the filter file postfix.conf (the one referenced above by filter = postfix)

failregex = reject: RCPT from (.*)\[<HOST>\]: 554
            reject: RCPT from (.*)\[<HOST>\]: 550
            reject: RCPT from (.*)\[<HOST>\]: 450

4. Done.
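
To check offline which hosts the three failregex patterns and the findtime/maxretry values above would ban, the sketch below replays log lines through them. It is an added example, not part of the original post or of fail2ban; the log lines are constructed, and <HOST> is replaced by a simplified IPv4 pattern as an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Jail values from the post; <HOST> becomes a simplified IPv4 group (assumption).
FINDTIME, MAXRETRY = 300, 3
FAILREGEX = [r"reject: RCPT from (.*)\[<HOST>\]: 554",
             r"reject: RCPT from (.*)\[<HOST>\]: 550",
             r"reject: RCPT from (.*)\[<HOST>\]: 450"]
PATTERNS = [re.compile(p.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
            for p in FAILREGEX]

# Constructed maillog lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Apr 24 10:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 Service unavailable; from=<a@example.net> to=<u@example.com>
Apr 24 10:00:40 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <x@example.com>: Recipient address rejected
Apr 24 10:01:05 mx postfix/smtpd[2107]: connect from mail.example.org[198.51.100.20]
Apr 24 10:02:10 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 Client host rejected
Apr 24 10:03:00 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from host[192.0.2.9]: 550 5.1.1 <y@example.com>: Recipient address rejected
Apr 24 10:09:30 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from host[192.0.2.9]: 550 5.1.1 <z@example.com>: Recipient address rejected
Apr 24 10:15:00 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from host[192.0.2.9]: 554 5.7.1 Relay access denied
"""

def failures(log_text, year=2013):
    """Yield (timestamp, ip) for every line matched by one of the failregex patterns."""
    for line in log_text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
                yield ts, m.group("host")
                break

def would_ban(log_text):
    """Return {ip: time of ban} for hosts with MAXRETRY failures inside FINDTIME seconds."""
    recent, banned = defaultdict(deque), {}
    for ts, ip in failures(log_text):
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # drop failures older than the findtime window
        if len(window) >= MAXRETRY and ip not in banned:
            banned[ip] = ts
    return banned

if __name__ == "__main__":
    for ip, when in would_ban(SAMPLE_LOG).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

The second host also has three rejects, but spread over 12 minutes, so it never reaches maxretry inside one findtime window. fail2ban's own fail2ban-regex tool performs the pattern-matching part of this check against a real log file.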

PS: I just found a very good modification for blocking repeaters:

http://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/