On 19/06/2014 16:57, Giuseppe De Nicolo' wrote:
> Hi,
> I have a question for you more experienced admins. I have some
> good abuse on my servers by IPs listed in spam lists. Since I am using
> postscreen to block those, all is good. Anyway, I thought then it was a good
> idea to just drop that traffic and spare myself thousands of log lines
> with 450 4.7.1 service unavailable, and so I added fail2ban to the
> mix, inserting those IPs into netfilter as reject. Practically, I am
> sending into iptables all the IPs which attempt consecutive (10 in 600
> sec) directory harvesting hits and IPs which attempt consecutive (10
> in 120 sec) connections from spammy IPs. The only drawback is obviously
> that I do not see them in the postfix log, and so I decided to ban them for
> 3 hours.
> Anyway, I do wonder if this is a bad practice and as such should be
> avoided or not?
> Best Regards
A while ago I implemented the same thing ... but in a massive spam wave
(between 1000-2000 / min) I found 5-10 IPs repeating ... so for me it
just complicates the setup. I stay happy with postscreen!
--
Levi
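
The question both messages turn on is how many clients would actually cross the ban threshold. The following is an added example, not part of either post: it replays postscreen reject lines against the 10-in-120-seconds / 3-hour-ban rule from the question and counts how many log lines the ban would have avoided. The regex for the reject line, the host name `mx`, the list name `dnsbl.example` and the function names are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed postscreen reject format; adjust the regex to your own log lines.
REJECT = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/postscreen\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \[([^\]]+)\]")

def simulate(lines, maxretry=10, findtime=120, bantime=3 * 3600, year=2014):
    """Replay reject lines; return (banned_ips, suppressed_lines, total_rejects)."""
    hits = defaultdict(deque)      # ip -> timestamps inside the findtime window
    banned_until = {}              # ip -> time the ban expires
    banned, suppressed, total = set(), 0, 0
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied for parsing.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        total += 1
        if ip in banned_until and ts < banned_until[ip]:
            suppressed += 1        # netfilter would have rejected this connection
            continue
        window = hits[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()       # forget hits older than findtime
        if len(window) >= maxretry:
            banned.add(ip)
            banned_until[ip] = ts + timedelta(seconds=bantime)
            window.clear()
    return banned, suppressed, total

def sample_log():
    """Constructed sample: one repeat offender and 30 one-shot clients."""
    fmt = ("Jun 19 16:{:02d}:{:02d} mx postfix/postscreen[1234]: NOQUEUE: reject: "
           "RCPT from [{}]:40000: 450 4.7.1 Service unavailable; "
           "client [{}] blocked using dnsbl.example")
    lines = [fmt.format(0, s, "192.0.2.10", "192.0.2.10") for s in range(0, 60, 4)]
    lines += [fmt.format(1, i, f"198.51.100.{i}", f"198.51.100.{i}") for i in range(30)]
    return lines

if __name__ == "__main__":
    banned, suppressed, total = simulate(sample_log())
    print(f"{len(banned)} IP(s) banned, {suppressed}/{total} reject lines avoided")
```

Run over a real mail log, the ratio of suppressed to total rejects shows whether the ban removes enough log noise to justify the extra moving part.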