Difference between revisions of "Postfix"
Jump to navigation
Jump to search
| (One intermediate revision by the same user not shown) | |||
| Line 25: | Line 25: | ||
#!/bin/bash | #!/bin/bash | ||
# GET BAD IP'S | # GET BAD IP'S | ||
| − | cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1 > /tmp/firewall.txt | + | cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt |
# insert to Firewall | # insert to Firewall | ||
while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt | while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt | ||
| Line 32: | Line 32: | ||
</pre> | </pre> | ||
run by cron hourly.. | run by cron hourly.. | ||
| + | |||
| + | Info: | ||
| + | |||
| + | This Script scan the mail.log File for "rejected" entries (replace rejected by fail or other abuse words you see at the log), cut the IP, delete empty lines and write to firewall.txt | ||
| + | the pull the IP list of firewall.txt to ufw as update! Prefer ban forever! Remark this will not work on IPv6 and VPN/Tor Attacks. | ||
Latest revision as of 17:04, 5 December 2017
Limit incoming Mail Rate against Spam Scripts
edit main.cf and set:
smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 5 smtpd_hard_error_limit = 10 smtpd_client_connection_count_limit = 10 smtpd_client_connection_rate_limit = 10
Testing Mail Loop (send a Mail every Second):
while true; do `date | mail -s "Test Postfix" postbox@yourdomain.com`;sleep 1; done
Result: after 10Mails the sending IP should by blocked! Add "fail2ban" Log Monitor as second wall protection to kick out bad IP's forever!
Automatic Firewall Update
edit a Script firewall.sh set:
#!/bin/bash # GET BAD IP'S cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt # insert to Firewall while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt service ufw restart exit 0
run by cron hourly..
Info:
This Script scan the mail.log File for "rejected" entries (replace rejected by fail or other abuse words you see at the log), cut the IP, delete empty lines and write to firewall.txt the pull the IP list of firewall.txt to ufw as update! Prefer ban forever! Remark this will not work on IPv6 and VPN/Tor Attacks.