Postfix
Limit incoming Mail Rate against Spam Scripts
edit main.cf and set:
smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 5 smtpd_hard_error_limit = 10 smtpd_client_connection_count_limit = 10 smtpd_client_connection_rate_limit = 10
Testing Mail Loop (send a Mail every Second):
while true; do `date | mail -s "Test Postfix" postbox@yourdomain.com`;sleep 1; done
Result: after 10Mails the sending IP should by blocked! Add "fail2ban" Log Monitor as second wall protection to kick out bad IP's forever!
Automatic Firewall Update
edit a Script firewall.sh set:
#!/bin/bash # GET BAD IP'S cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt # insert to Firewall while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt service ufw restart exit 0
run by cron hourly..
Info:
This Script scan the mail.log File for "rejected" entries (replace rejected by fail or other abuse words you see at the log), cut the IP, delete empty lines and write to firewall.txt the pull the IP list of firewall.txt to ufw as update! Prefer ban forever! Remark this will not work on IPv6 and VPN/Tor Attacks.