Fail2ban helps postfix filter malicious IP addresses
Source: Internet
Author: User
I read the postfix log today and found a large number of entries like this:

    NOQUEUE: reject: RCPT from unknown[183.60.103.208]: 504 5.5.2

In addition, the IP address is constantly changing and the frequency is very high: about 2000 connections can be received in one minute. Although postfix has rejected the requests, they are still a waste of server resources, so I decided to nip it in the bud. That is when I remembered fail2ban.

Install it with yum first; the EPEL source is required:

    yum install fail2ban -y
    cd /etc/fail2ban
    vi jail.conf

    #[postfix-tcpwrapper]
    [POSTFIX]
    enabled  = true
    port     = smtp
    filter   = postfix
    # log file to read
    logpath  = /var/log/zimbra.log
    # call iptables to reject the IP address
    action   = iptables[name=Postfix, port=25, protocol=tcp]
    # ignored IP addresses, i.e. the trusted IP addresses
    ignoreip = 127.0.0.1 192.168.2.0/16
    # forbidden access time (in seconds)
    bantime  = 86400
    findtime = 60
    # maximum number of attempts
    maxretry = 5

    vi filter.d/postfix.conf

    failregex = warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:
                reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
                reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
                reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
                reject: RCPT from (.*)\[<HOST>\]: 554 5.5.2
                reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2

These are the filter rules. The first four are the defaults; I added the other two.

Then start the service:

    service fail2ban start

View the status:

    fail2ban-client status POSTFIX
    Status for the jail: POSTFIX
    |- filter
    |  |- File list:        /var/log/zimbra.log
    |  |- Currently failed: 0
    |  `- Total failed:     8
    `- action
       |- Currently banned: 1
       |  `- IP list:       120.197.131.6
       `- Total banned:     1

One IP address has been banned:

    iptables -L
    Chain fail2ban-Postfix (1 references)
    target     prot opt source               destination
    DROP       all  --  120.197.131.6        anywhere
    RETURN     all  --  anywhere             anywhere

The world is finally much quieter.
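An added example, not part of the original post: a Python sketch that replays the six failregex rules and the jail's findtime, maxretry and ignoreip values over constructed log lines, to show which addresses this configuration would ban. The IPv4-only substitute for fail2ban's `<HOST>` tag, the assumed year, and the helper names `make_line` and `would_ban` are assumptions of this sketch; fail2ban's own matcher is more elaborate.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption of this sketch).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [  # the six rules from filter.d/postfix.conf
    r"warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:",
    r"reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 554 5.5.2",
    r"reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2",
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]
# strict=False because the jail's 192.168.2.0/16 has host bits set.
IGNORE = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1", "192.168.2.0/16")]
FINDTIME, MAXRETRY = 60, 5  # seconds, attempts (jail values)

def make_line(clock, ip, code="504 5.5.2"):
    """Build a constructed Postfix reject line (sample data, not from the page)."""
    return (f"Jan 10 {clock} mail postfix/smtpd[1234]: NOQUEUE: reject: "
            f"RCPT from unknown[{ip}]: {code} <x>: Helo command rejected")

def would_ban(lines, year=2024):
    """Return IPs with MAXRETRY matches inside FINDTIME seconds (syslog has no year; one is assumed)."""
    hits, banned = defaultdict(deque), []
    for line in lines:
        m = next(filter(None, (p.search(line) for p in PATTERNS)), None)
        if not m:
            continue
        ip = m.group("host")
        if ip in banned or any(ipaddress.ip_address(ip) in n for n in IGNORE):
            continue
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        hits[ip].append(ts)
        while (ts - hits[ip][0]).total_seconds() > FINDTIME:
            hits[ip].popleft()  # drop matches older than the findtime window
        if len(hits[ip]) >= MAXRETRY:
            banned.append(ip)
    return banned

SAMPLE = (
    [make_line(f"03:15:{s:02d}", "203.0.113.7") for s in range(1, 6)]   # 5 hits in 5 s
    + [make_line(f"03:16:{s:02d}", "198.51.100.9") for s in range(4)]   # only 4 hits
    + [make_line(f"03:17:{s:02d}", "192.168.5.4") for s in range(6)]    # inside ignoreip
)
```

On a live host, `fail2ban-regex /var/log/zimbra.log /etc/fail2ban/filter.d/postfix.conf` runs the real filter against the real log before the jail is enabled.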