On 16/05/2021 10:55, Nicolas Kovacs wrote:
> Hi,
>
> One of my mail servers is running Oracle Linux 7 (a RHEL clone like CentOS).
> These last days it's been under heavy attack, and Postfix was brought to its
> knees a few times.
Are you running "postscreen" to help Postfix?
It's part of Postfix - it's in the source and it's built by default -
and I find it mitigates a lot of attacks.
But I'm also interested to see what others are filtering on for Postfix
using fail2ban, I just have:
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 550 5\.1\.1 .*$
            ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
            ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
            ^.*postfix/dnsblog.* addr <HOST> listed by domain .*$
Which may be just what came out of the box, with a bit added by me long
ago. :-)
Cheers,
Gary B-)
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
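
An added example, not part of the original message: a coverage check that runs the six failregex patterns quoted above over constructed Postfix log lines and reports which pattern fires and which host it would ban. The `HOST`, `PREFIX` and `TIMESTAMP` expressions are simplified assumptions standing in for fail2ban's own expansions, and every log line is constructed.

```python
import re

# Assumptions: simplified stand-ins for fail2ban's <HOST> and __prefix_line,
# which are broader than these. fail2ban strips the timestamp before matching.
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]+)"
PREFIX = r"\S+ postfix/\w+\[\d+\]: "
TIMESTAMP = re.compile(r"^\w{3} +\d+ [\d:]{8} ")

# The six patterns from the message, with wrapped lines rejoined.
FAILREGEX = [
    r"^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$",
    r"^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : "
    r"Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$",
    r"^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 550 5\.1\.1 .*$",
    r"^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$",
    r"^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$",
    r"^.*postfix/dnsblog.* addr <HOST> listed by domain .*$",
]
COMPILED = [re.compile(p.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST))
            for p in FAILREGEX]

def classify(line):
    """Return (pattern index, offending host) for the first match, else None."""
    body = TIMESTAMP.sub("", line)
    for index, regex in enumerate(COMPILED):
        match = regex.search(body)
        if match:
            return index, match.group("host")
    return None

# Constructed sample lines using documentation-range addresses.
SAMPLES = [
    "May 16 10:41:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <u@example.net>: Relay access denied; from=<a@example.org> to=<u@example.net> proto=ESMTP helo=<x>",
    # HELO rejection with populated fields: no pattern in the list covers it
    "May 16 10:41:03 mail postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 <badhelo>: Helo command rejected: Host not found; from=<a@example.org> to=<b@example.net> proto=ESMTP helo=<badhelo>",
    # The only shape pattern 1 accepts: empty HELO, sender and recipient fields
    "May 16 10:41:04 mail postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[198.51.100.8]: 450 4.7.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo=",
    "May 16 10:41:05 mail postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <nobody@example.net>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody@example.net> proto=ESMTP helo=<x>",
    "May 16 10:41:06 mail postfix/smtpd[2105]: NOQUEUE: reject: VRFY from unknown[203.0.113.6]: 550 5.1.1 <root>: Recipient address rejected: User unknown in local recipient table",
    "May 16 10:41:07 mail postfix/smtpd[2106]: improper command pipelining after EHLO from unknown[2001:db8::25]:",
    "May 16 10:41:08 mail postfix/dnsblog[2107]: addr 198.51.100.99 listed by domain dnsbl.example as 127.0.0.2",
    "May 16 10:41:09 mail postfix/smtpd[2108]: connect from mail.example.org[192.0.2.80]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample[16:90])
```

On a live system, `fail2ban-regex` applies fail2ban's real expansions to the actual log file and filter, so it is the authoritative check.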