[sclug] dynamic iptables updates for SMTP server
Martin Meredith
martin at sourceguru.net
Wed Jun 4 11:56:17 UTC 2008
On Tue, 2008-06-03 at 11:06 +0100, Darren Davison wrote:
> Anyone know if a similar solution to "DenyHosts" [1] exists for SMTP
> connections? (doesn't look as if DenyHosts itself is pluggable in any
> respect)
>
> My little home network has seen a huge rise recently in the number of
> blocked SMTP connections due to RBL checking (from around 300 per day to
> around 1200 per day). Most of this is due to a few persistent servers
> that just retry the connection several hundred times, ignoring the
> failure code from my postfix box.
>
> Ideally, I'd like to add the offending IP address to hosts.deny, or as
> the subject of an iptables rule for a period of 24 hours after they make
> more than a handful of rejected SMTP connections.
>
> Any pointers appreciated.
Have a look at Fail2ban [1] - This does dynamic blocking etc based on
fails.
More specific configuration info for postfix is available at [2]
[1] http://www.fail2ban.org/
[2] http://www.fail2ban.org/wiki/index.php/Postfix
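
Added example, not part of the original message and not Fail2ban's own code: a sketch of the thresholding asked for in the question, using the same maxretry / findtime / bantime idea that Fail2ban jails are configured with. The threshold of 5, the 10-minute window, the RBL name and the log lines are assumptions constructed for illustration; only the 24-hour ban comes from the thread.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Shape of a Postfix smtpd RBL rejection line in syslog.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"\d{3} .*blocked using ")

MAXRETRY = 5                      # assumption: "more than a handful"
FINDTIME = timedelta(minutes=10)  # assumption: window the rejects must fall in
BANTIME = timedelta(hours=24)     # the 24 hours asked for in the question

def find_bans(lines, year=2008):
    """Return {ip: ban_expiry} for hosts with > MAXRETRY rejects in FINDTIME."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in bans and ts < bans[ip]:
            continue              # still banned: nothing new to decide
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > FINDTIME:
            hits.popleft()        # forget rejects older than the window
        if len(hits) > MAXRETRY:
            bans[ip] = ts + BANTIME
            hits.clear()
    return bans

# Constructed sample log (documentation addresses, made-up RBL name).
_TPL = ("Jun  4 11:00:{s:02d} mail postfix/smtpd[4242]: NOQUEUE: reject: "
        "RCPT from unknown[{ip}]: 554 5.7.1 Service unavailable; "
        "Client host [{ip}] blocked using rbl.example.org")
SAMPLE = [_TPL.format(s=s, ip="192.0.2.10") for s in range(8)]
SAMPLE += [_TPL.format(s=s, ip="198.51.100.7") for s in (10, 40)]
SAMPLE.append("Jun  4 11:01:00 mail postfix/smtpd[4242]: connect from "
              "unknown[203.0.113.5]")

if __name__ == "__main__":
    for ip, until in find_bans(SAMPLE).items():
        print(f"ban {ip} until {until:%Y-%m-%d %H:%M:%S}")
```

The returned expiry times are what a firewall rule or hosts.deny entry would be keyed on; the sketch itself changes no system state.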