Hi,
I have a question for you more experienced admins. I have a good
deal of abuse on my servers from IPs listed in spam lists. Since I am using
postscreen to block those, all is good. Anyway, I then thought it a good
idea to just drop that traffic and spare myself thousands of log lines
with 450 4.7.1 service unavailable, and so I added fail2ban to the
mix, inserting those IPs into netfilter as reject. Practically, I am
sending into iptables all the IPs which attempt consecutive (10 in 600
sec) directory harvesting hits and IPs which attempt consecutive (10 in
120 sec) connections from spammy IPs. The only drawback is obviously that
I do not see them in the postfix log, and so I decided to ban them for 3 hours.
Anyway, I do wonder whether this is a bad practice and as such should be
avoided or not?
Best Regards
- blocking spam IP with netfitler good idea or not ? Giuseppe De Nicolo'
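The thresholds described in the post above (10 hits in 600 sec for directory harvesting, 10 in 120 sec for DNSBL-listed clients, 3-hour ban), replayed over constructed log lines as an added example. This is not the poster's configuration or fail2ban's own code; the regexes, sample lines and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the post: rule -> (hits, window in seconds); ban lasts 3 hours.
RULES = {"harvest": (10, 600), "dnsbl": (10, 120)}
BANTIME = timedelta(hours=3)

# Assumption: simplified regexes for the constructed lines in sample_log().
PATTERNS = {
    "harvest": re.compile(r"^(\S+) .*RCPT from \S*\[([0-9.]+)\].*User unknown"),
    "dnsbl": re.compile(r"^(\S+) .*RCPT from \[([0-9.]+)\].*blocked using"),
}

def find_bans(lines):
    """Return {ip: (rule, ban_start, ban_end)} for clients crossing a threshold."""
    hits = defaultdict(deque)  # (rule, ip) -> timestamps still inside the window
    bans = {}
    for line in lines:
        for rule, pat in PATTERNS.items():
            m = pat.search(line)
            if not m:
                continue
            ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
            if ip in bans and ts < bans[ip][2]:
                continue  # dropped by netfilter: Postfix would never log this
            maxretry, findtime = RULES[rule]
            window = hits[(rule, ip)]
            window.append(ts)
            while (ts - window[0]).total_seconds() > findtime:
                window.popleft()
            if len(window) >= maxretry:
                bans[ip] = (rule, ts, ts + BANTIME)
                window.clear()
    return bans

def sample_log():
    """Constructed lines (not real traffic): three clients at different rates."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    dnsbl = ("postfix/postscreen[100]: NOQUEUE: reject: RCPT from [{ip}]:2525: "
             "450 4.7.1 Service unavailable; client [{ip}] blocked using dnsbl.example")
    harvest = ("postfix/smtpd[200]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
               "550 5.1.1 <u@example.org>: Recipient address rejected: User unknown")
    plan = [("203.0.113.5", dnsbl, 10), ("198.51.100.7", dnsbl, 20),
            ("192.0.2.9", harvest, 60)]  # (client, line template, seconds between hits)
    rows = [(t0 + timedelta(seconds=step * i), msg.format(ip=ip))
            for ip, msg, step in plan for i in range(10)]
    return [f"{ts.isoformat()} mx {line}" for ts, line in sorted(rows)]
```

The client that retries every 20 seconds never accumulates 10 hits inside 120 seconds, so it is not banned and keeps appearing in the log.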