Hi Nick, and very very thanks for your kind help..
Nick Howitt ha scritto: > Hi Davide, > > Rather than a login attempt, it is a connection attempt certainlyyou're absolutely right! :-) > and you're going > to get a lot of those if you run your own mailserver. ..huh,I guess! > The postfix filter > does not pick up these attempts. To get round it, I've created my own jail: > > [postfix-disc] > enabled = true > logpath = %(syslog_mail)s [,,] > > > # Author: Nick Howitt > > Note that my filter would have triggered but not banned as it is set to > require 5 attempts in an hour before activating a ban. Your postfix > filter would need 5 attempts in a 10 minutes if you are running with the > default configuration, so also would not have banned based on this > single find. understand, perfect! > > FWIW, if you put: > > smtpd_client_restrictions = reject_unknown_reverse_client_hostname > > in your /etc/postfix/main.cf, postfix will drop all these connections > from unknown. [..] You can test by using the following > instead: > > smtpd_client_restrictions = warn_if_reject > reject_unknown_reverse_client_hostname > > This will log a failure but not reject. > > Even if you do use smtpd_client_restrictions, Well, If I meant to use the "smtpd_client_restrictions"do you thinkyou couldgive me any troublewithemail users? Andin the eventitcreatedthese problemsI think it'svery limited cases, right? What is your experience about? > I would still use f2b to > ban offenders because every so often I get a burst of 100+ attempts > which I don't like. I also have a jail to stop slow chipping away: > > [postfix-discsl] > # as postfix-disc but to pick up people chipping away slowly > enabled = true > logpath = %(syslog_mail)s > filter = postfix-disc > maxretry = 10 > bantime = 108000 > findtime = 86400 > port = smtp,465,submission > > It uses the same filter but blocks after 10 attempts in 8 hours Perfect, this filter is very interesting,and I didmy ;-) > > It is all a bit OTT but I am a bit paranoid about my mail server. It's notparanoia it'sserenity!When the email server isin safeplace you can afford tostaya little longerin the great outdoors! :-p Many thanks again for your very very very comprehensive response and suggestions. This email server is the first one for me and I sometimeshappen to dosillyor inaccurate questions,but youunderstood andyou cometo me withcare (unlikemy recent experience with thepostfixmailing list ..brrr!!!) ;-) -- cosmogoniA cosmogoniA n o p r o v a r e n o f a r e o n o n f a r e n o n c e p r o v a r e ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
