On 27.10.2016 at 18:32, John Hardin wrote:
> On Thu, 27 Oct 2016, Christian Grunfeld wrote:
> 
>> fail2ban with custom filter.....
> 
> I tarpit them...
> 
> http://www.impsec.org/~jhardin/antispam/spammer-firewall
> 
> 
>> 2016-10-27 10:38 GMT-03:00 Nicola Piazzi <nicola.pia...@gruppocomet.it>:
>>
>>> This script can be used if you have mailscanner in a mysql database that
>>> records results of spamassassin activity and postfix as mta
>>>
>>> # postban.sh
>>> # Temporary Ban SpamOnly Ip
>>> # -------------------------
>>> #
>>> # This script creates a table for postfix that bans IPs that made high
>>> # spam results only
>>> #
>>> # 1) Put this script anywhere and set your parameters
>>> # 2) Put in crontab a line like this to run every 15 minutes :
>>> # 0/15 * * * * /batch/postban.sh
> 

https://sys4.de/de/blog/2015/11/07/abwehr-des-botnets-pushdo-cutwail-ehlo-ylmf-pc-mit-iptables-string-recent-smtp/

https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/

https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/

but these solutions may not fit "your" problem exactly

fail2ban is a good, well-tested solution

so you should always decide by deep log analysis which way to go




Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
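
Added example, not part of the thread and not the postban.sh quoted above: a sketch of the "ban IPs that produced only high-spam results" idea, building Postfix access-table lines from per-message scan results. The input format (`<client_ip> <spam_score>` per line), the threshold, the minimum message count, and the function names are assumptions; the sample records are constructed.

```shell
#!/bin/sh
# Added example: build a Postfix access table of spam-only client IPs.
# Input on stdin: one line per scanned message, "<client_ip> <spam_score>"
# (assumed export format; a real setup would query the MailScanner DB).

THRESHOLD=10   # assumed score at or above which a message counts as high spam
MIN_MSGS=3     # assumed minimum number of messages before an IP is listed

# build_ban_table: print "ip REJECT ..." for every IP that sent at least
# MIN_MSGS messages and whose messages ALL scored >= THRESHOLD.
build_ban_table() {
    awk -v thr="$THRESHOLD" -v min="$MIN_MSGS" '
        # Ignore anything that is not "IPv4 number" so stray text never
        # ends up in the access table.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        $2 !~ /^-?[0-9]+(\.[0-9]+)?$/ { next }
        { total[$1]++; if ($2 + 0 >= thr) spam[$1]++ }
        END {
            for (ip in total)
                if (total[ip] >= min && spam[ip] == total[ip])
                    printf "%s REJECT spam-only source (%d msgs)\n", ip, total[ip]
        }' | sort
}

# Constructed sample records (documentation address ranges).
sample_records() {
    cat <<'EOF'
192.0.2.10 25.1
192.0.2.10 18.4
192.0.2.10 31.0
198.51.100.7 22.0
198.51.100.7 0.3
198.51.100.7 19.9
203.0.113.5 40.2
203.0.113.5 35.0
EOF
}

# 192.0.2.10 is listed; 198.51.100.7 also sent a clean message and
# 203.0.113.5 has too few messages, so neither is banned.
sample_records | build_ban_table
```

The output is in the form Postfix expects for a `check_client_access` lookup table; regenerating it from a recent time window on each cron run is what would make the ban temporary.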
