Hi, Apologies if this a silly suggestion. I have hunted high and low for a thing that would be simple for someone who is simple. I get the impression from the usual sources such as stackexchange that there is no easy or rather simple answer.
Whilst I have spotted 'spawn' as a possibility of invoking an external script I get the impression that I will fail because I have already failed. Mot knowing much it looks like I would have to write my own message handler in python or some other language. That's well above my intelligence grade so, just an idea... Would it be possible to have a logs_check thing that might for example contain unknown unavailable user=<> cyberresilience binaryedge censys-scanner.com shadowserver.org stretchoid.com measurement.com shodan.io Whereby when Postfix matches the words it would write to a logfile and includes an IP address it would call an external script with that IP address and the associated word so I could immediately drop the IP address into IPTables as a block with a simple script? I realise stuff like failtoban is available but when I look at it the wrong way, or in any way, it falls over and it only looks at logfiles every so often and last time I broke my Pi I had to install rsyslog or somesuch to get the logfiles back. Try not to be nice to me because if you are I will request other stuff for simple minded people such as myself. Bob
2024-07-21T05:05:05.938615+01:00 soon8M4 postfix/smtpd[13218]: connect from 7858c0f2.tidalcoinage.internet-measurement.com[104.248.203.191] 2024-07-21T05:05:12.065049+01:00 soon8M4 postfix/smtpd[13218]: disconnect from 7858c0f2.tidalcoinage.internet-measurement.com[104.248.203.191] ehlo=1 starttls=1 quit=1 commands=3 2024-07-23T12:38:19.390340+01:00 soon8M4 postfix/smtps/smtpd[18433]: connect from exquisite.monitoring.internet-measurement.com[87.236.176.212] 2024-07-23T12:38:56.352464+01:00 soon8M4 postfix/smtps/smtpd[18433]: disconnect from exquisite.monitoring.internet-measurement.com[87.236.176.212] ehlo=1 quit=1 commands=2 2024-07-23T12:38:57.506055+01:00 soon8M4 postfix/smtps/smtpd[18433]: connect from sweet.monitoring.internet-measurement.com[87.236.176.224] 2024-07-23T12:38:57.526744+01:00 soon8M4 postfix/smtps/smtpd[18433]: SSL_accept error from sweet.monitoring.internet-measurement.com[87.236.176.224]: Connection reset by peer 2024-07-23T12:38:57.527208+01:00 soon8M4 postfix/smtps/smtpd[18433]: lost connection after CONNECT from sweet.monitoring.internet-measurement.com[87.236.176.224] 2024-07-23T12:38:57.527465+01:00 soon8M4 postfix/smtps/smtpd[18433]: disconnect from sweet.monitoring.internet-measurement.com[87.236.176.224] commands=0/0 2024-07-23T12:39:30.556637+01:00 soon8M4 postfix/smtps/smtpd[18433]: connect from valiant.monitoring.internet-measurement.com[87.236.176.228] 2024-07-23T12:39:30.575828+01:00 soon8M4 postfix/smtps/smtpd[18433]: SSL_accept error from valiant.monitoring.internet-measurement.com[87.236.176.228]: lost connection 2024-07-23T12:39:30.576228+01:00 soon8M4 postfix/smtps/smtpd[18433]: lost connection after CONNECT from valiant.monitoring.internet-measurement.com[87.236.176.228] 2024-07-23T12:39:30.576475+01:00 soon8M4 postfix/smtps/smtpd[18433]: disconnect from valiant.monitoring.internet-measurement.com[87.236.176.228] commands=0/0 2024-07-23T12:40:03.610083+01:00 soon8M4 postfix/smtps/smtpd[18433]: connect from special.monitoring.internet-measurement.com[87.236.176.219] 2024-07-23T12:40:03.631712+01:00 soon8M4 postfix/smtps/smtpd[18433]: SSL_accept error from special.monitoring.internet-measurement.com[87.236.176.219]: lost connection 2024-07-23T12:40:03.632105+01:00 soon8M4 postfix/smtps/smtpd[18433]: lost connection after CONNECT from special.monitoring.internet-measurement.com[87.236.176.219] 2024-07-23T12:40:03.632377+01:00 soon8M4 postfix/smtps/smtpd[18433]: disconnect from special.monitoring.internet-measurement.com[87.236.176.219] commands=0/0 2024-07-23T12:40:36.665039+01:00 soon8M4 postfix/smtps/smtpd[18433]: connect from optimistic.monitoring.internet-measurement.com[87.236.176.236] 2024-07-23T12:40:36.666309+01:00 soon8M4 postfix/smtps/smtpd[18433]: SSL_accept error from optimistic.monitoring.internet-measurement.com[87.236.176.236]: -1 2024-07-23T12:40:36.666866+01:00 soon8M4 postfix/smtps/smtpd[18433]: lost connection after CONNECT from optimistic.monitoring.internet-measurement.com[87.236.176.236] 2024-07-23T12:40:36.667064+01:00 soon8M4 postfix/smtps/smtpd[18433]: disconnect from optimistic.monitoring.internet-measurement.com[87.236.176.236] commands=0/0 2024-07-23T12:41:09.725483+01:00 soon8M4 postfix/smtps/smtpd[18433]: connect from talented.monitoring.internet-measurement.com[87.236.176.227] 2024-07-23T12:41:09.744651+01:00 soon8M4 postfix/smtps/smtpd[18433]: SSL_accept error from talented.monitoring.internet-measurement.com[87.236.176.227]: lost connection 2024-07-23T12:41:09.745147+01:00 soon8M4 postfix/smtps/smtpd[18433]: lost connection after CONNECT from talented.monitoring.internet-measurement.com[87.236.176.227] 2024-07-23T12:41:09.745398+01:00 soon8M4 postfix/smtps/smtpd[18433]: disconnect from talented.monitoring.internet-measurement.com[87.236.176.227] commands=0/0 2024-07-23T12:43:03.196496+01:00 soon8M4 postfix/smtps/smtpd[18539]: connect from remarkable.monitoring.internet-measurement.com[87.236.176.239] 2024-07-23T12:43:03.214039+01:00 soon8M4 postfix/smtps/smtpd[18539]: SSL_accept error from remarkable.monitoring.internet-measurement.com[87.236.176.239]: lost connection 2024-07-23T12:43:03.214388+01:00 soon8M4 postfix/smtps/smtpd[18539]: lost connection after CONNECT from remarkable.monitoring.internet-measurement.com[87.236.176.239] 2024-07-23T12:43:03.214486+01:00 soon8M4 postfix/smtps/smtpd[18539]: disconnect from remarkable.monitoring.internet-measurement.com[87.236.176.239] commands=0/0 2024-07-23T12:43:36.239354+01:00 soon8M4 postfix/smtps/smtpd[18539]: connect from remarkable.monitoring.internet-measurement.com[87.236.176.239] 2024-07-23T12:43:36.262696+01:00 soon8M4 postfix/smtps/smtpd[18539]: SSL_accept error from remarkable.monitoring.internet-measurement.com[87.236.176.239]: lost connection 2024-07-23T12:43:36.263139+01:00 soon8M4 postfix/smtps/smtpd[18539]: lost connection after CONNECT from remarkable.monitoring.internet-measurement.com[87.236.176.239] 2024-07-23T12:43:36.263376+01:00 soon8M4 postfix/smtps/smtpd[18539]: disconnect from remarkable.monitoring.internet-measurement.com[87.236.176.239] commands=0/0 2024-07-23T12:44:09.303346+01:00 soon8M4 postfix/smtps/smtpd[18539]: connect from gracious.monitoring.internet-measurement.com[87.236.176.244] 2024-07-23T12:44:09.325289+01:00 soon8M4 postfix/smtps/smtpd[18539]: SSL_accept error from gracious.monitoring.internet-measurement.com[87.236.176.244]: lost connection 2024-07-23T12:44:09.325699+01:00 soon8M4 postfix/smtps/smtpd[18539]: lost connection after CONNECT from gracious.monitoring.internet-measurement.com[87.236.176.244] 2024-07-23T12:44:09.325933+01:00 soon8M4 postfix/smtps/smtpd[18539]: disconnect from gracious.monitoring.internet-measurement.com[87.236.176.244] commands=0/0 2024-07-23T12:45:22.638028+01:00 soon8M4 postfix/smtps/smtpd[18539]: connect from hopeful.monitoring.internet-measurement.com[87.236.176.231] 2024-07-23T12:45:22.639060+01:00 soon8M4 postfix/smtps/smtpd[18539]: SSL_accept error from hopeful.monitoring.internet-measurement.com[87.236.176.231]: -1 2024-07-23T12:45:22.639562+01:00 soon8M4 postfix/smtps/smtpd[18539]: lost connection after CONNECT from hopeful.monitoring.internet-measurement.com[87.236.176.231] 2024-07-23T12:45:22.639798+01:00 soon8M4 postfix/smtps/smtpd[18539]: disconnect from hopeful.monitoring.internet-measurement.com[87.236.176.231] commands=0/0 2024-07-23T12:45:55.704993+01:00 soon8M4 postfix/smtps/smtpd[18539]: connect from fragrant.monitoring.internet-measurement.com[87.236.176.226] 2024-07-23T12:45:55.706012+01:00 soon8M4 postfix/smtps/smtpd[18539]: SSL_accept error from fragrant.monitoring.internet-measurement.com[87.236.176.226]: -1 2024-07-23T12:45:55.706521+01:00 soon8M4 postfix/smtps/smtpd[18539]: lost connection after CONNECT from fragrant.monitoring.internet-measurement.com[87.236.176.226] 2024-07-23T12:45:55.706780+01:00 soon8M4 postfix/smtps/smtpd[18539]: disconnect from fragrant.monitoring.internet-measurement.com[87.236.176.226] commands=0/0
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
