On 02-05-12 19:53, [email protected] wrote:
>
> My recently installed Postfix works as I'd hoped; I moved it into full
> production as our corporate server yesterday.
>
> There's one annoyance, and I admit that's all it is, that I'd like to
> get rid of. *Noisy* pests. They irritate me.
>
> I'm interested in what others do in similar circumstances.
>
> My 'smtpd_recipient_restrictions' includes checks against DNSBLs, e.g.
> spamhaus.
>
> The typical log pattern for a successful block is 5-10 of these:
>
> May 2 08:13:26 liam postfix/smtpd[17563]: NOQUEUE: reject: RCPT
> from 206.pool85-50-110.dynamic.orange.es[85.50.110.206]: 554
> 5.7.1 Service unavailable; Client host [85.50.110.206] blocked
> using zen.spamhaus.org;
> http://www.spamhaus.org/query/bl?ip=85.50.110.206;
> from=<[email protected]> to=<....@......>
> proto=ESMTP helo=<livebox>
>
> within 5 minutes, then another round or few every 4-12 hours for a
> couple of days. I'll end up with 10-100 log entries effectively
> documenting the fact that each pest is a pest.
>
> Postfix does what it's supposed to, and blocks them.
>
> I'd like to do two things:
>
> (1) limit log entries for these items with a logical condition:
>
> If this connection rejection has been previously attempted and
> rejected more than Z times within the last YY minutes, then
> reject as usual, but do not bother to log for the next XXXX
> minutes. Just reject silently.
>
> (2) communicate with a firewall on another box to act according to
> similar logic:
>
> If a connection attempt has been made and rejected more than ZZ
> times within the last YYYY minutes, then add the offending IP to
> an IPTABLES firewall rule on another box
>
>
> I suspect (1) is doable in Postfix configuration, but I haven't noticed
> the right parameter yet. Is it 'in' Postfix?
>
> For (2) I've started looking at Fail2Ban. Seems like it might work.
> Is there something more native to Postfix that's available? Or a better
> recommendation?
>
I do this with fail2ban on postscreen rejects, works like a charm (on the same box).

-- 
Tom
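The two conditions in the original post (count DNSBL rejects per client IP inside a sliding window, go quiet once a threshold is hit, and hand the IP to a firewall rule) are exactly the regex-plus-counter logic a fail2ban jail applies with its failregex, maxretry, findtime and bantime settings. The script below is an added illustration of that logic, written for this page; it is not code from the thread, from Postfix or from fail2ban. It assumes log lines in the format quoted above (any DNSBL name is accepted), a fixed year because syslog timestamps carry none, documentation-range IPs in the constructed sample, and it only renders the iptables rule as a string rather than executing it, since on the poster's setup that rule would be applied on a different box.

```python
"""Sliding-window counter for Postfix DNSBL rejects (added example, not from the thread).

Assumptions: log lines look like the one quoted in the thread; YEAR is fixed
because syslog timestamps carry none; the iptables rule is only rendered as a
string, never executed here; sample IPs are documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

YEAR = 2012  # assumption: syslog lines have no year

# Matches the "NOQUEUE: reject: RCPT ... blocked using <dnsbl>;" line quoted in
# the thread. Any DNSBL name is accepted; the hostname before [ip] is ignored.
REJECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: 554 5\.7\.1 .*?"
    r"blocked using (?P<dnsbl>[^;\s]+);"
)


def parse_reject(line):
    """Return (timestamp, ip, dnsbl) for a DNSBL reject line, else None."""
    m = REJECT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
    return ts.replace(year=YEAR), m.group("ip"), m.group("dnsbl")


def iptables_command(ip):
    """Render the rule the firewall box would apply (string only; not run here)."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP"


class RejectTracker:
    """Per-IP sliding window: after `threshold` rejects within `window` the IP
    is banned; further rejects are reported as silent until `quiet` has passed,
    after which counting starts afresh (fail2ban: maxretry/findtime/bantime)."""

    def __init__(self, threshold=3, window=timedelta(minutes=10),
                 quiet=timedelta(minutes=60)):
        self.threshold, self.window, self.quiet = threshold, window, quiet
        self.events = defaultdict(deque)  # ip -> reject timestamps inside window
        self.banned = {}                  # ip -> time the ban was triggered

    def process(self, line):
        """Return None for non-reject lines, otherwise one of
        ("log", ip, n_in_window), ("ban", ip) or ("silent", ip)."""
        parsed = parse_reject(line)
        if parsed is None:
            return None
        ts, ip, _dnsbl = parsed
        if ip in self.banned:
            if ts - self.banned[ip] <= self.quiet:
                return ("silent", ip)
            del self.banned[ip]           # quiet period over: forget the ban
            self.events[ip].clear()
        q = self.events[ip]
        q.append(ts)
        while ts - q[0] > self.window:    # drop hits that fell out of the window
            q.popleft()
        if len(q) >= self.threshold:
            self.banned[ip] = ts
            return ("ban", ip)
        return ("log", ip, len(q))


def reject_line(ts, host, ip, dnsbl="zen.spamhaus.org"):
    """Build a constructed log line in the format quoted in the thread."""
    return (f"{ts} liam postfix/smtpd[17563]: NOQUEUE: reject: RCPT from {host}[{ip}]: "
            f"554 5.7.1 Service unavailable; Client host [{ip}] blocked using {dnsbl}; "
            f"http://www.spamhaus.org/query/bl?ip={ip}; from=<x@example.org> "
            f"to=<y@example.com> proto=ESMTP helo=<livebox>")


# Constructed sample log (not real traffic): one pest, one one-off, one noise line.
SAMPLE_LOG = [
    reject_line("May  2 08:13:26", "10.pool.example.net", "192.0.2.10"),
    "May  2 08:13:40 liam postfix/smtpd[17563]: connect from unknown[198.51.100.7]",
    reject_line("May  2 08:14:02", "unknown", "198.51.100.7"),
    reject_line("May  2 08:14:31", "10.pool.example.net", "192.0.2.10"),
    reject_line("May  2 08:15:55", "10.pool.example.net", "192.0.2.10"),  # 3rd in 10 min
    reject_line("May  2 08:16:20", "10.pool.example.net", "192.0.2.10"),  # now silent
    reject_line("May  2 09:30:00", "unknown", "198.51.100.7"),            # earlier hit expired
    reject_line("May  2 09:30:30", "10.pool.example.net", "192.0.2.10"),  # quiet period over
]


def run(lines, **kw):
    """Feed lines through a tracker; return (decisions, iptables commands)."""
    tracker = RejectTracker(**kw)
    decisions, commands = [], []
    for line in lines:
        d = tracker.process(line)
        if d is None:
            continue
        decisions.append(d)
        if d[0] == "ban":
            commands.append(iptables_command(d[1]))
    return decisions, commands


if __name__ == "__main__":
    decisions, commands = run(SAMPLE_LOG)
    for d in decisions:
        print(d)
    print(*commands, sep="\n")
```

With the defaults, 192.0.2.10 is logged twice, banned on its third reject, silenced on the fourth, and counted from zero again once the hour-long quiet period has elapsed, while 198.51.100.7 never reaches the threshold because its two hits are more than ten minutes apart. Feeding the "ban" decisions to the remote firewall (over ssh, or through whatever fail2ban action the reader configures) is the part of requirement (2) that a same-box fail2ban jail does not cover by itself.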
