On 24.05.24 07:36, John Hill via Postfix-users wrote:
> What command do you use to reset the connection?

no command, just rule in OUTPUT chain:

1710 649K REJECT 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:25 match-set block-smtp dst reject-with icmp-port-unreachable

so any outgoing (dst) packet from TCP port 25 to IP address in ipset
"block-smtp" will result in icmp port unreachable.
It can be changed to tcp-reset.

> On 5/24/24 6:18 AM, Matus UHLAR - fantomas via Postfix-users wrote:
>> On 23.05.24 21:03, John Hill via Postfix-users wrote:
>>> I use Fail2Ban to block the failed IP. The script writes it into
>>> the nftables table immediately.
>>> I think this keeps Postfix waiting and times out, not a big deal.
>>> Is there a cli that my bash script could force disconnect the ip
>>> from Postfix?
>>
>> I use fail2ban in a way where incoming packets to port 25 get dropped
>> and outgoing packets from port 25 get reset, so smtpd should receive
>> info to close connection when first packet leaves.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Send this email to 100 your friends - let them see what an idiot you are
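
The setup described in the thread, written out as an added example that is not part of the original post: it prints the ipset/iptables commands behind the listed OUTPUT rule, with the reject type selectable. Only the set name "block-smtp" and the OUTPUT rule come from the post; the INPUT rule, the hash:ip set type and all function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Only the set name "block-smtp" and the
# OUTPUT rule come from the post; the INPUT rule, the hash:ip set type and
# all function names are assumptions made for illustration.
SET_NAME="block-smtp"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the one-time setup commands. $1 selects the reject type for outgoing
# packets: icmp-port-unreachable (as posted) or tcp-reset.
smtp_block_rules() {
    reject="${1:-icmp-port-unreachable}"
    case "$reject" in
        icmp-port-unreachable|tcp-reset) ;;
        *) echo "unsupported reject type: $reject" >&2; return 1 ;;
    esac
    echo "ipset -exist create $SET_NAME hash:ip"
    # Incoming: packets from a banned address to port 25 are dropped.
    echo "iptables -A INPUT -p tcp --dport 25 -m set --match-set $SET_NAME src -j DROP"
    # Outgoing: the first packet smtpd sends to a banned address is rejected
    # (per the thread, so that smtpd is told to close the connection).
    echo "iptables -A OUTPUT -p tcp --sport 25 -m set --match-set $SET_NAME dst -j REJECT --reject-with $reject"
}

# Print the command a ban script runs for one address ("ban" or "unban").
smtp_block_cmd() {
    case "$1" in ban) verb=add ;; unban) verb=del ;; *) return 1 ;; esac
    is_ipv4 "$2" || { echo "not an IPv4 address: $2" >&2; return 1; }
    echo "ipset -exist $verb $SET_NAME $2"
}

# No arguments: print the setup commands. "--apply" runs them (needs root).
if [ "${1:-}" = "--apply" ]; then
    smtp_block_rules "${2:-}" | while read -r cmd; do $cmd; done
else
    smtp_block_rules "${1:-}"
fi
```

The address validation keeps a value taken from a log line from reaching the ipset command unless it is a plain IPv4 address.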