On Wed, Mar 02, 2016 at 11:31:44AM -0600, /dev/rob0 wrote:
On Wed, Mar 02, 2016 at 02:49:35PM +0100, Karel wrote:
I am running a small Postfix server for personal use. My logs are
flooded with:

  relay access denied
  hello rejects
  connection rate limit exceeded ...
  lost connection after AUTH from ...

Often there are hundreds of these logs from the same IP address.
I know that I can use fail2ban to block these IP addresses
using iptables.

But I very much dislike the way fail2ban works:

Postfix logs errors -> rsyslog writes them to text file ->
fail2ban parses those text files and creates iptables rules.

Seems to me, the only step missing to make it even more ugly would
be to print the logs on paper, and then use OCR to scan them back.

Hehe, I quite agree.  OCR is a nice touch. :)

Does this process have to be so complicated? Is there no easier
way to block offending IP addresses using iptables?

Before I launch into all of this, I'll have to agree with the earlier
poster who said, "Don't worry about it."  It's interesting to see how
much garbage your Postfix is rejecting.  The bandwidth savings from
blocking abusers is minimal.

That said ...

One way in which this process could be greatly improved would be if
fail2ban supports (or can be made to use) ipset(8).  Then rather than
mucking about with your iptables rules, fail2ban simply updates the
ipset.

It does: https://github.com/fail2ban/fail2ban/blob/master/config/action.d/iptables-ipset-proto4.conf

If your version of fail2ban doesn't come with that file, you should nevertheless be able to use it more-or-less as is.


--
For more information, please reread.
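
An added example, not part of the thread or of fail2ban's own code: the ipset approach described above as a dry-run shell script, with one static iptables rule and bans that only touch the set. The set name, threshold, ban time and log lines are constructed assumptions.

```shell
#!/bin/sh
# Dry run: prints the commands instead of executing them.
# Review the output, then run it as root if it looks right.

SET_NAME="smtp_abusers"   # hypothetical set name
THRESHOLD=3               # assumed: rejected events per address before a ban
BAN_SECONDS=3600          # assumed: ban lifetime, expired by ipset itself

# One-time setup: create the set and add the single rule that consults it.
print_setup() {
    echo "ipset create $SET_NAME hash:ip timeout $BAN_SECONDS -exist"
    echo "iptables -I INPUT -p tcp --dport 25 -m set --match-set $SET_NAME src -j DROP"
}

# Read Postfix log lines on stdin; print one "ipset add" per offending IPv4.
print_bans() {
    awk -v set="$SET_NAME" -v min="$THRESHOLD" -v ttl="$BAN_SECONDS" '
        /postfix\/smtpd/ && (/Relay access denied/ || /lost connection after AUTH/) {
            # The client is logged as hostname[a.b.c.d]; the pid in
            # smtpd[1234] has no dots, so it never matches this pattern.
            if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/))
                hits[substr($0, RSTART + 1, RLENGTH - 2)]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    print "ipset add " set " " ip " timeout " ttl " -exist"
        }
    ' | sort
}

# Constructed sample log lines (documentation address ranges).
sample_log() {
    cat <<'EOF'
Mar  2 11:00:01 mail postfix/smtpd[1234]: connect from unknown[203.0.113.5]
Mar  2 11:00:02 mail postfix/smtpd[1234]: lost connection after AUTH from unknown[203.0.113.5]
Mar  2 11:00:09 mail postfix/smtpd[1240]: lost connection after AUTH from unknown[203.0.113.5]
Mar  2 11:00:15 mail postfix/smtpd[1241]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <x@example.com>: Relay access denied; from=<a@example.org> to=<x@example.com> proto=ESMTP helo=<foo>
Mar  2 11:01:00 mail postfix/smtpd[1250]: lost connection after AUTH from unknown[198.51.100.7]
Mar  2 11:01:30 mail postfix/smtpd[1251]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <y@example.com>: Relay access denied; from=<b@example.org> to=<y@example.com> proto=ESMTP helo=<bar>
EOF
}

print_setup
sample_log | print_bans
```

Because the set is created with a timeout, entries expire on their own and no unban step is needed.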
