Hi,

You could use a custom Fail2Ban regular expression to ban IP addresses that cause Postfix log entries containing certain domain names.

See
https://en.wikipedia.org/wiki/Fail2ban
https://fail2ban.readthedocs.io/en/latest/filters.html

Yours,
Reg

> Sent: Tuesday, 23 July 2024 at 23:14
> From: "Bob via Postfix-users" <postfix-users@postfix.org>
> To: postfix-users@postfix.org
> Subject: [pfx] RFC logs_check
>
> Hi,
>
> Apologies if this is a silly suggestion. I have hunted high and low for a
> thing that would be simple for someone who is simple. I get the
> impression from the usual sources such as stackexchange that there is
> no easy or rather simple answer.
>
> Whilst I have spotted 'spawn' as a possibility of invoking an external
> script I get the impression that I will fail because I have already
> failed. Not knowing much it looks like I would have to write my own
> message handler in python or some other language.
>
> That's well above my intelligence grade so, just an idea...
>
> Would it be possible to have a logs_check thing that might for example
> contain
>
> unknown
> unavailable
> user=<>
> cyberresilience
> binaryedge
> censys-scanner.com
> shadowserver.org
> stretchoid.com
> measurement.com
> shodan.io
>
> Whereby when Postfix matches the words it would write to a logfile and
> includes an IP address it would call an external script with that IP
> address and the associated word so I could immediately drop the IP
> address into IPTables as a block with a simple script?
>
> I realise stuff like failtoban is available but when I look at it the
> wrong way, or in any way, it falls over and it only looks at logfiles
> every so often and last time I broke my Pi I had to install rsyslog or
> somesuch to get the logfiles back.
>
> Try not to be nice to me because if you are I will request other stuff
> for simple minded people such as myself.
>
> Bob
>
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
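
The approach suggested in the reply, sketched as an added example that is not part of the original thread or of Fail2Ban itself: it builds a Fail2Ban-style failregex from the domain names in the quoted list and checks it against constructed Postfix log lines. The function names, the sample log lines and the simplified `<HOST>` substitution are assumptions made for this illustration.

```python
import ipaddress
import re

# Domain names taken from the list in the quoted message.
DOMAINS = ["censys-scanner.com", "shadowserver.org", "stretchoid.com",
           "measurement.com", "shodan.io"]

# Constructed sample lines in Postfix smtpd syslog format (not real traffic).
SAMPLE_LOG = """\
Jul 23 23:01:10 mail postfix/smtpd[2101]: connect from scan-07.shodan.io[198.51.100.7]
Jul 23 23:01:12 mail postfix/smtpd[2101]: disconnect from scan-07.shodan.io[198.51.100.7] ehlo=1 quit=1 commands=2
Jul 23 23:02:40 mail postfix/smtpd[2107]: connect from mx.example.org[203.0.113.25]
Jul 23 23:03:05 mail postfix/smtpd[2110]: connect from a1.stretchoid.com[192.0.2.44]
Jul 23 23:04:00 mail postfix/smtpd[2113]: connect from notshodan.io[203.0.113.80]
Jul 23 23:04:30 mail postfix/smtpd[2114]: connect from shodan.io.example.net[203.0.113.81]
Jul 23 23:05:00 mail postfix/smtpd[2115]: connect from probe.censys-scanner.com[2001:db8::5]
Jul 23 23:06:00 mail postfix/smtpd[2119]: connect from scan-07.shodan.io[198.51.100.7]
""".splitlines()


def build_failregex(domains):
    """Build a Fail2Ban-style failregex; <HOST> marks the address to ban."""
    alt = "|".join(re.escape(d) for d in domains)
    # The optional "label." prefix allows subdomains but forces a label
    # boundary, so "notshodan.io" is not treated as "shodan.io".
    return r"postfix/smtpd\[\d+\]: connect from (?:[\w-]+\.)*(?:%s)\[<HOST>\]" % alt


def find_scanner_ips(lines, domains=DOMAINS):
    """Return unique (ip, domain) pairs in first-seen order."""
    # Assumption: a simplified stand-in for Fail2Ban's own <HOST> expansion.
    pattern = re.compile(build_failregex(domains).replace(
        "<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))
    hits = []
    for line in lines:
        m = pattern.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("host")))
        except ValueError:
            continue  # bracket content was not a valid IP address
        name = m.group(0).split(" from ", 1)[1].split("[", 1)[0]
        domain = next(d for d in domains if name == d or name.endswith("." + d))
        if (ip, domain) not in hits:
            hits.append((ip, domain))
    return hits


if __name__ == "__main__":
    print(build_failregex(DOMAINS))
    for ip, domain in find_scanner_ips(SAMPLE_LOG):
        print(ip, domain)
```

The string returned by `build_failregex` is the part that would go into a custom filter's `failregex` setting; the filters documentation linked in the reply describes how Fail2Ban itself interprets `<HOST>`.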