post...@ptld.com wrote in
<c586e46756c153f58a32e2b104465...@ptld.com>:
|> Is there a way, in postfix, to run a script when the authentication \
|> fails, please ?
|> I would like to use nftables sets, with the timeout option, to ban \
|> IP addresses. I know fail2ban exists, but I am considering other options.
|> nftables sets, implemented in the kernel, with the timeout option, \
|> seem to be a great and very light option.
|
|
|No, postfix itself can not. You can use a milter to read the headers \

Actually it can on NetBSD and FreeBSD when it is patched for
blacklistd (i think NetBSD changed to blocklistd).
(That is, actually it simply calls on that daemon, which then in
turn does. Once i looked last, years ago. By then they did
include patches for postfix .. and they do still, in "git show
origin/trunk:external/bsd/blocklist/diff/postfix.diff".)

|looking for an authentication fail. The milter can run a shell command \
|for the firewall.
|
|The way I do it, is I use omprog of rsyslog to process postfix logs \
|with a script. The script can watch for log lines from opendmarc and \
|run a shell command for the firewall when it finds a fail.
|
|Both of these ways requires the ability to do script coding.
--End of <c586e46756c153f58a32e2b104465...@ptld.com>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
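
Added example, not part of the thread and not any poster's own script: one way to write the rsyslog omprog helper described in the quoted reply, reading Postfix log lines on stdin and adding addresses with repeated SASL authentication failures to an nftables set with a timeout. The table and set names, the threshold, window and ban time, and the sample log lines are assumptions.

```python
"""omprog helper: time-limited nftables ban after repeated Postfix SASL failures."""
import ipaddress, re, subprocess, sys, time

# Assumed names and limits (not from the thread). The sets must already exist, e.g.
#   nft add set inet filter banned4 '{ type ipv4_addr; flags timeout; }'  (banned6: ipv6_addr)
TABLE, SETS = ("inet", "filter"), {4: "banned4", 6: "banned6"}
THRESHOLD, WINDOW, BAN = 3, 600, "1h"    # 3 failures within 600 s -> 1 h ban

FAIL_RE = re.compile(r"postfix/\S*smtpd\[\d+\]: warning: \S*\[([0-9A-Fa-f:.]+)\]: "
                     r"SASL \S+ authentication failed")

SAMPLE = [  # constructed log lines using documentation addresses
    "Jan 10 12:00:01 mx postfix/smtpd[1234]: warning: unknown[203.0.113.7]: "
    "SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Jan 10 12:00:03 mx postfix/smtpd[1234]: connect from unknown[203.0.113.7]",
]

def failed_ip(line):
    """Client address of a SASL failure line, or None if the line is not one."""
    m = FAIL_RE.search(line)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:                   # bracket content was not a valid address
        return None

def nft_command(ip):
    """argv for nft (run without a shell) adding ip to its set with a timeout."""
    return ["nft", "add", "element", *TABLE, SETS[ip.version],
            "{", str(ip), "timeout", BAN, "}"]

def feed(hits, line, now):
    """Record one log line; return the nft argv once an address hits THRESHOLD."""
    ip = failed_ip(line)
    if ip is None:
        return None
    recent = [t for t in hits.get(ip, []) if now - t <= WINDOW] + [now]
    if len(recent) < THRESHOLD:
        hits[ip] = recent
        return None
    hits.pop(ip, None)                   # start counting afresh after a ban
    return nft_command(ip)

if __name__ == "__main__":               # rsyslog omprog: one message per line
    hits = {}                            # address -> recent failure timestamps
    for line in sys.stdin:
        cmd = feed(hits, line, time.time())
        if cmd:
            subprocess.run(cmd, check=False)
```

The sets only take effect once a rule references them, for example `ip saddr @banned4 drop` in an input chain.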