Jump to: navigation, search

Limit incoming Mail Rate against Spam Scripts

edit and set:

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 10

Testing Mail Loop (send a Mail every Second):

while true; do `date | mail -s "Test Postfix"`;sleep 1; done

Result: after 10Mails the sending IP should by blocked! Add "fail2ban" Log Monitor as second wall protection to kick out bad IP's forever!

Automatic Firewall Update

edit a Script set:

cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt
# insert to Firewall
while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt
service ufw restart
exit 0

run by cron hourly..


This Script scan the mail.log File for "rejected" entries (replace rejected by fail or other abuse words you see at the log), cut the IP, delete empty lines and write to firewall.txt the pull the IP list of firewall.txt to ufw as update! Prefer ban forever! Remark this will not work on IPv6 and VPN/Tor Attacks.