Difference between revisions of "Postfix"
Jump to navigation
Jump to search
(Created page with "Limit incoming Mail Rate against Spam Scripts: edit main.cf and set: <pre> smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 5 smtpd_hard_error_limit = 10 smtpd_client_con...") |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Limit incoming Mail Rate against Spam Scripts | + | == Limit incoming Mail Rate against Spam Scripts == |
edit main.cf and set: | edit main.cf and set: | ||
Line 15: | Line 15: | ||
</pre> | </pre> | ||
− | Result: after 10Mails the | + | Result: after 10Mails the sending IP should by blocked! |
Add "fail2ban" Log Monitor as second wall protection to kick out bad IP's forever! | Add "fail2ban" Log Monitor as second wall protection to kick out bad IP's forever! | ||
+ | |||
+ | |||
+ | == Automatic Firewall Update == | ||
+ | |||
+ | edit a Script firewall.sh set: | ||
+ | <pre> | ||
+ | #!/bin/bash | ||
+ | # GET BAD IP'S | ||
+ | cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt | ||
+ | # insert to Firewall | ||
+ | while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt | ||
+ | service ufw restart | ||
+ | exit 0 | ||
+ | </pre> | ||
+ | run by cron hourly.. | ||
+ | |||
+ | Info: | ||
+ | |||
+ | This Script scan the mail.log File for "rejected" entries (replace rejected by fail or other abuse words you see at the log), cut the IP, delete empty lines and write to firewall.txt | ||
+ | the pull the IP list of firewall.txt to ufw as update! Prefer ban forever! Remark this will not work on IPv6 and VPN/Tor Attacks. |
Latest revision as of 17:04, 5 December 2017
Limit incoming Mail Rate against Spam Scripts
edit main.cf and set:
smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 5 smtpd_hard_error_limit = 10 smtpd_client_connection_count_limit = 10 smtpd_client_connection_rate_limit = 10
Testing Mail Loop (send a Mail every Second):
while true; do `date | mail -s "Test Postfix" postbox@yourdomain.com`;sleep 1; done
Result: after 10Mails the sending IP should by blocked! Add "fail2ban" Log Monitor as second wall protection to kick out bad IP's forever!
Automatic Firewall Update
edit a Script firewall.sh set:
#!/bin/bash # GET BAD IP'S cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt # insert to Firewall while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt service ufw restart exit 0
run by cron hourly..
Info:
This Script scan the mail.log File for "rejected" entries (replace rejected by fail or other abuse words you see at the log), cut the IP, delete empty lines and write to firewall.txt the pull the IP list of firewall.txt to ufw as update! Prefer ban forever! Remark this will not work on IPv6 and VPN/Tor Attacks.