Difference between revisions of "Postfix"

From wiki.linuxonlinehelp.eu
Jump to navigation Jump to search
(Created page with "Limit incoming Mail Rate against Spam Scripts: edit main.cf and set: <pre> smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 5 smtpd_hard_error_limit = 10 smtpd_client_con...")
 
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
Limit incoming Mail Rate against Spam Scripts:
+
== Limit incoming Mail Rate against Spam Scripts ==
  
 
edit main.cf and set:
 
edit main.cf and set:
Line 15: Line 15:
 
</pre>
 
</pre>
  
Result: after 10Mails the Senser IP should by blocked!
+
Result: after 10Mails the sending IP should by blocked!
 
Add "fail2ban" Log Monitor as second wall protection to kick out bad IP's forever!
 
Add "fail2ban" Log Monitor as second wall protection to kick out bad IP's forever!
 +
 +
 +
== Automatic Firewall Update ==
 +
 +
edit a Script firewall.sh set:
 +
<pre>
 +
#!/bin/bash
 +
# GET BAD IP'S
 +
cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt
 +
# insert to Firewall
 +
while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt
 +
service ufw restart
 +
exit 0
 +
</pre>
 +
run by cron hourly..
 +
 +
Info:
 +
 +
This Script scan the mail.log File for "rejected" entries (replace rejected by fail or other abuse words you see at the log), cut the IP, delete empty lines and write to firewall.txt
 +
the pull the IP list of firewall.txt to ufw  as update! Prefer ban forever! Remark this will not work on IPv6 and VPN/Tor Attacks.

Latest revision as of 17:04, 5 December 2017

Limit incoming Mail Rate against Spam Scripts

edit main.cf and set:

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 10

Testing Mail Loop (send a Mail every Second):

 
while true; do `date | mail -s "Test Postfix" postbox@yourdomain.com`;sleep 1; done

Result: after 10Mails the sending IP should by blocked! Add "fail2ban" Log Monitor as second wall protection to kick out bad IP's forever!


Automatic Firewall Update

edit a Script firewall.sh set:

#!/bin/bash
# GET BAD IP'S
cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt
# insert to Firewall
while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt
service ufw restart
exit 0

run by cron hourly..

Info:

This Script scan the mail.log File for "rejected" entries (replace rejected by fail or other abuse words you see at the log), cut the IP, delete empty lines and write to firewall.txt the pull the IP list of firewall.txt to ufw as update! Prefer ban forever! Remark this will not work on IPv6 and VPN/Tor Attacks.