On Sun, Oct 12, 2014 at 03:27:41AM -0300, Julio Cesar Covolato wrote:
> Hi People!
> Does anyone have a good rule for postfix smtpd with fail2ban?
> Sorry for the OT:))

The mtpolicyd policy daemon has a plugin for directly adding IPs to a
fail2ban target without the logging/parsing. It directly uses the unix
socket for communication with the fail2ban daemon.

https://www.mtpolicyd.org/

Plugin:
http://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Fail2Ban

For example I use it to create a scoring based on different RBLs, SPF, GeoIP.
Clients with a very bad reputation get rejected and added to fail2ban.
Clients with a dubious reputation get greylisting applied.
Clients with a good reputation just pass.

Since it is a policy daemon it only does SMTP level checks.

For parsing of postfix logs there's already a filter.d/postfix.conf
included with the fail2ban package.

For the amavis log file I use the following configuration:

--- filter.d/amavis.local
[INCLUDES]
before = common.conf

[Definition]
_daemon = amavis
# Match amavis verdict lines for infected/spam mail; <HOST> captures the bracketed client IP
failregex = ^%(__prefix_line)s.*(Blocked|Passed) (INFECTED|SPAM|SPAMMY) {(RejectedInbound|RelayedTaggedInbound)}, \[<HOST>\]
ignoreregex =
---

- Markus
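
Added example, not part of Markus's message: the posted failregex run over a few constructed amavis-style log lines, to show which verdict lines would count as failures and which address is captured. The PREFIX_LINE, HOST and TIMESTAMP patterns are simplified stand-ins assumed here for what fail2ban substitutes and strips; they are not fail2ban's own definitions.

```python
import re

# failregex exactly as posted in filter.d/amavis.local
FAILREGEX = (r"^%(__prefix_line)s.*(Blocked|Passed) (INFECTED|SPAM|SPAMMY) "
             r"{(RejectedInbound|RelayedTaggedInbound)}, \[<HOST>\]")

# Assumed, simplified stand-ins (not fail2ban's real patterns)
PREFIX_LINE = r"(?:\S+ )?amavis(?:\[\d+\])?: "   # "hostname amavis[pid]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:]+)"
# fail2ban removes the timestamp before applying failregex; mimic that here
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

PATTERN = re.compile(FAILREGEX.replace("%(__prefix_line)s", PREFIX_LINE)
                              .replace("<HOST>", HOST))

# Constructed sample lines (documentation addresses, invented message ids)
SAMPLE_LOG = [
    # rejected spam: matches
    "Oct 12 09:14:02 mx1 amavis[2211]: (02211-03) Blocked SPAM {RejectedInbound}, "
    "[203.0.113.45]:51234 [203.0.113.45] <a@example.net> -> <u@example.org>, Hits: 18.2",
    # clean mail: category not in the regex, no match
    "Oct 12 09:15:40 mx1 amavis[2211]: (02211-04) Passed CLEAN {RelayedInbound}, "
    "[198.51.100.7]:40022 [198.51.100.7] <b@example.com> -> <u@example.org>, Hits: -1.9",
    # delivered but tagged as spammy: matches
    "Oct 12 09:16:11 mx1 amavis[2213]: (02213-01) Passed SPAMMY {RelayedTaggedInbound}, "
    "[192.0.2.99]:33810 [192.0.2.99] <c@example.net> -> <u@example.org>, Hits: 5.4",
    # text between the category and a different {action} list: the regex needs
    # the two adjacent and only knows two actions, so no match
    "Oct 12 09:17:29 mx1 amavis[2213]: (02213-02) Blocked INFECTED (Test-Signature) "
    "{DiscardedInbound,Quarantined}, [203.0.113.45]:51301 [203.0.113.45] <d@example.net>",
    # IPv6 client: matches
    "Oct 12 09:18:05 mx1 amavis[2214]: (02214-01) Blocked SPAM {RejectedInbound}, "
    "[2001:db8::25]:49152 [2001:db8::25] <e@example.net> -> <u@example.org>, Hits: 22.0",
]

def hosts_to_ban(lines):
    """Return the <HOST> value from every line the filter would count as a failure."""
    found = []
    for line in lines:
        m = PATTERN.search(TIMESTAMP.sub("", line))
        if m:
            found.append(m.group("host"))
    return found

if __name__ == "__main__":
    for host in hosts_to_ban(SAMPLE_LOG):
        print("would count a failure for", host)
```

On a real installation, fail2ban-regex performs the same check against the actual log file and filter file, using fail2ban's own prefix and host patterns.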