I am running a small Postfix server for personal use. My logs are flooded with:

relay access denied
hello rejects
connection rate limit exceeded ...
lost connection after AUTH from ...

Often there are hundreds of these logs from the same IP address. I know that I can use fail2ban to block these IP addresses using iptables. But I very much dislike the way fail2ban works:

Postfix logs errors -> rsyslog writes them to a text file -> fail2ban parses those text files and creates iptables rules.

Seems to me, the only step missing to make it even more ugly would be to print the logs on paper, and then use OCR to scan them back.

Does this process have to be so complicated? Is there no easier way to block offending IP addresses using iptables?

Thanks,
Karel