Dnia 24.07.2024 o godz. 00:14:51 Bob via Postfix-users pisze: > I want "Kill on Sight". > > Fastest way to me would be Postfix says it logged a connection from > fluffy.cuddly.port.raping.internet-measurement.com calls my script with > the IP address and they get stuffed up IPTables.
Despite what you say about your unsuccessful attempts with fail2ban, it seems the best tool for the job. It's the whole idea of fail2ban anyway - if "SOMETHING" appears in the logfile "SOME" number of times (which can be 1), then stuff the IP address into iptables for blocking. AFAIK, fail2ban uses inotify mechanism to monitor log files, so it detects changes in logfiles immediately and not retroactively as you stated. So at the moment when Postfix logs connection from "fluffy.cuddly.port.raping.internet-measurement.com" ;), fail2ban can block it. It's all the matter of writing proper rules for fail2ban. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
