Karel: > > On 2016-06-08 17:59, Phil Stracchino wrote: > > > > This may not work for you, but I reject all incoming mail connections > > directly from Windows hosts at my firewall. They are overwhelmingly > > likely to be botnet spam zombies. If it's a legitimate mailserver, it > > will fall back through my backup MX. If it doesn't, the odds are I > > didn't want the mail anyway. > > how do you distinguish Windows connections from non-windows in your > firewall ?
There is a policy daemon at http://www.maiamailguard.com/maia/wiki/p0f that can log client info. Based on that logging you can use fail2ban to add a firewall rule. Postfix side: http://www.postfix.org/SMTPD_POLICY_README.html Wietse
