My recently installed Postfix works as I'd hoped; I moved it into full
production as our corporate server yesterday.

There's one annoyance, and I admit that's all it is, that I'd like to
get rid of.  *Noisy* pests.  They irritate me.

I'm interested in what others do in similar circumstances.

My 'smtpd_recipient_restrictions' includes checks against DNSBLs, e.g.
spamhaus.

The typical log pattern for a successful block is 5-10 of these:

        May  2 08:13:26 liam postfix/smtpd[17563]: NOQUEUE: reject: RCPT
        from 206.pool85-50-110.dynamic.orange.es[85.50.110.206]: 554
        5.7.1 Service unavailable; Client host [85.50.110.206] blocked
        using zen.spamhaus.org;
        http://www.spamhaus.org/query/bl?ip=85.50.110.206;
        from=<hyphenates...@financial-tracking.com> to=<....@......>
        proto=ESMTP helo=<livebox>

within 5 minutes, then another round or few every 4-12 hours for a
couple of days.  I'll end up with 10-100 log entries effectively
documenting the fact that each pest is a pest.

Postfix does what it's supposed to, and blocks them.

I'd like to do two things:

(1) limit log entries for these items with a logical condition:

        If this connection rejection has been previously attempted and
        rejected more than Z times within the last YY minutes, then
        reject as usual, but do not bother to log for the next XXXX
        minutes.  Just reject silently.

(2) communicate with a firewall on another box to act according to
similar logic:

        If a connection attempt has been made and rejected more than ZZ
        times within the last YYYY minutes, then add the offending IP to
        an IPTABLES firewall rule on another box


I suspect (1) is doable in Postfix configuration, but I haven't noticed
the right parameter yet.  Is it 'in' Postfix?

For (2) I've started looking at Fail2Ban.  Seems like it might work.
Is there something more native to Postfix that's available?  Or a better
recommendation?



--
Thanks,
Karen
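As an added example (not from the original post, and not a Postfix feature), here is how the two thresholds described in (1) and (2) can be implemented outside Postfix by reading the mail log, which is essentially what Fail2Ban does: a sliding window of DNSBL rejections per client IP, a quiet period once the count exceeds the threshold, and a list of iptables rules for the other box that an operator reviews before applying. The names threshold/window_min/quiet_min stand in for Z/YY/XXXX from the post and are assumptions, as is the year added to the syslog timestamps; the log lines are constructed with RFC 5737 documentation addresses, not real clients.

```python
# Added example: sliding-window triage of Postfix DNSBL rejections.  Not code
# from the original post or from Postfix.  Z / YY / XXXX from the post map to
# threshold / window_min / quiet_min here (the names are assumptions).
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the single-line form of the smtpd NOQUEUE reject shown in the post.
REJECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[]+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d\.\d) .*?blocked using (?P<dnsbl>[^;]+);"
)


def parse_reject(line, year=2024):
    """Return {ts, ip, host, dnsbl} for a DNSBL reject line, else None.
    Syslog timestamps carry no year, so the caller supplies one."""
    m = REJECT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ip": m["ip"], "host": m["host"], "dnsbl": m["dnsbl"]}


class RejectTracker:
    """Per-IP sliding-window counter implementing the post's two rules.
    observe() returns "log" (below threshold, log as usual), "block"
    (threshold just exceeded: log once, add to firewall candidates, then go
    quiet) or "suppress" (inside the quiet period: reject without logging)."""

    def __init__(self, threshold, window, quiet):
        self.threshold = threshold  # Z: rejections tolerated within the window
        self.window = window        # YY: timedelta the window covers
        self.quiet = quiet          # XXXX: timedelta of silence after escalation
        self.events = defaultdict(deque)
        self.quiet_until = {}
        self.escalated = set()

    def observe(self, ip, ts):
        recent = self.events[ip]
        recent.append(ts)
        # Drop rejections that have aged out of the window.
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        until = self.quiet_until.get(ip)
        if until is not None and ts < until:
            return "suppress"
        if len(recent) > self.threshold:
            self.quiet_until[ip] = ts + self.quiet
            self.escalated.add(ip)
            return "block"
        return "log"


def triage(lines, threshold=3, window_min=10, quiet_min=60, year=2024):
    """Feed every reject line to the tracker; return [(ts, ip, action)] and the tracker."""
    tracker = RejectTracker(threshold, timedelta(minutes=window_min),
                            timedelta(minutes=quiet_min))
    actions = []
    for line in lines:
        rec = parse_reject(line, year)
        if rec is None:  # connect/disconnect and other non-reject lines
            continue
        actions.append((rec["ts"], rec["ip"], tracker.observe(rec["ip"], rec["ts"])))
    return actions, tracker


def firewall_rules(tracker, port=25):
    """Rules for the operator to review and apply on the firewall box; nothing is executed here."""
    return [f"iptables -A INPUT -s {ip} -p tcp --dport {port} -j DROP"
            for ip in sorted(tracker.escalated)]


# Constructed sample log (RFC 5737 documentation addresses, not real clients).
def _reject_line(ts, host, ip):
    return (f"{ts} liam postfix/smtpd[17563]: NOQUEUE: reject: RCPT from {host}[{ip}]: "
            f"554 5.7.1 Service unavailable; Client host [{ip}] blocked using zen.spamhaus.org; "
            f"http://www.spamhaus.org/query/bl?ip={ip}; from=<x@example.com> to=<y@example.net> "
            f"proto=ESMTP helo=<livebox>")

SAMPLE_LOG = [
    _reject_line("May  2 08:13:26", "a.example", "192.0.2.10"),
    _reject_line("May  2 08:14:02", "a.example", "192.0.2.10"),
    _reject_line("May  2 08:14:40", "a.example", "192.0.2.10"),
    _reject_line("May  2 08:15:11", "a.example", "192.0.2.10"),  # 4th in 10 min -> block
    _reject_line("May  2 08:16:30", "a.example", "192.0.2.10"),  # quiet period -> suppress
    _reject_line("May  2 08:17:00", "b.example", "192.0.2.20"),
    _reject_line("May  2 08:18:45", "a.example", "192.0.2.10"),  # still quiet -> suppress
    "May  2 08:19:00 liam postfix/smtpd[17570]: connect from b.example[192.0.2.20]",
    _reject_line("May  2 08:20:30", "b.example", "192.0.2.20"),
]


def run_sample():
    actions, tracker = triage(SAMPLE_LOG)
    return actions, firewall_rules(tracker)


if __name__ == "__main__":
    acts, rules = run_sample()
    for ts, ip, action in acts:
        print(ts.strftime("%b %d %H:%M:%S"), ip, action)
    print("\n".join(rules))
```

Two design points worth keeping if this is adapted: the script only emits the iptables lines rather than running them, so a misparsed line cannot block a legitimate relay without a human looking at it first, and the per-IP counters are kept even while logging is suppressed, so the evidence that a client is a repeat offender is not lost when the log goes quiet.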
