Thanks for the reply. There are some words here,
https://unix.stackexchange.com/questions/179477/how-does-fail2ban-detect-the-time-of-an-intrusion-attempt-if-the-log-files-dont Which suggests that Fail2Ban is continuously scanning logfiles for changes unless you install Gamin which is some sort of helper program that sppears to get a Kernal notification in the event something is written to the logfile. Now I have to install Fail2Ban and Gamin and work out how to use them in anger. OK, perhaps I moan too much but things are escalting in complexity whereas if I had my way Postfix could directly notify my simple script rather than going around these additinal houses. Miss out the middle men. Bob On Wed, 2024-07-24 at 14:11 +0200, Jaroslaw Rafa via Postfix-users wrote: > Dnia 24.07.2024 o godz. 00:14:51 Bob via Postfix-users pisze: > > I want "Kill on Sight". > > > > Fastest way to me would be Postfix says it logged a connection from > > fluffy.cuddly.port.raping.internet-measurement.com calls my script > > with the IP address and they get stuffed up IPTables. > > Despite what you say about your unsuccessful attempts with fail2ban, > it seems the best tool for the job. It's the whole idea of fail2ban > anyway - if "SOMETHING" appears in the logfile "SOME" number of times > (which can be 1), then stuff the IP address into iptables for > blocking. > > AFAIK, fail2ban uses inotify mechanism to monitor log files, so it > detects changes in logfiles immediately and not retroactively as you > stated. So at the moment when Postfix logs connection from > "fluffy.cuddly.port.raping.internet-measurement.com" ;), fail2ban can > block it. It's all the matter of writing proper rules for fail2ban. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
