Hi,

That is not a good idea, maybe you don't understand greylisting?

When a new host connects and tries to deliver a message, the host is
greylisted and told to return some time later. MTAs don't understand the
actual time that is communicated, they just try again later based on
their own configuration.

When a greylisted host returns too soon, it is still blocked by the
greylisting milter, and told to come back later. You could in theory try
to apply f2b to the logs and block hosts at the firewall level that
retry too soon too often, but they are already being blocked by the
greylisting milter, so why bother?

Using f2b, you could potentially block a bona fide server with settings
that are a bit too enthusiastic, but you don't win anything when you
block a spammer (because it is already being blocked).

Kind regards,
        Tom


On 06-11-18 20:57, Robert Kudyba wrote:
> Is there a jail that would cover logs like these from /var/log/maillog?
> 
> Nov  6 06:31:03 dsm milter-greylist[852]: wA6BUrNX018110: addr = apn-151-0-76-15.vodafone.hu[151.0.76.15], from = <[email protected]>, rcpt = <[email protected]>
> Nov  6 06:31:03 dsm milter-greylist[852]: Mail from=<[email protected]>, rcpt=<[email protected]>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 131 continue from_re /.*/ [addheader "X-Greylist: inspected by %V for IP:'%i' DOMAIN:'%d' HELO:'%h' FROM:'%f' RCPT:'%r'"]
> Nov  6 06:31:03 dsm milter-greylist[852]: Mail from=<[email protected]>, rcpt=<[email protected]>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 146 greylist [maxpeek -1] default
> Nov  6 06:31:03 dsm milter-greylist[852]: created:  151.0.76.15 from <[email protected]> to <[email protected]> delayed for 00:30:00
> Nov  6 06:31:03 dsm milter-greylist[852]: wA6BUrNX018110: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <[email protected]> to <[email protected]> delayed for 00:30:00 (ACL 146)
> Nov  6 06:31:03 dsm sendmail[18110]: wA6BUrNX018110: Milter: to=<[email protected]>, reject=451 4.7.1 Greylisting in action, please come back later
> Nov  6 06:31:04 dsm sendmail[18110]: wA6BUrNX018110: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=apn-151-0-76-15.vodafone.hu [151.0.76.15]
> Nov  6 06:31:04 dsm milter-greylist[852]: (local): 58.175.243.70 from <[email protected]> to <[email protected]>: greylisted entry timed out
> Nov  6 06:31:19 dsm milter-greylist[852]: wA6BV9tS018148: addr = apn-151-0-76-15.vodafone.hu[151.0.76.15], from = <[email protected]>, rcpt = <[email protected]>
> Nov  6 06:31:19 dsm milter-greylist[852]: Mail from=<[email protected]>, rcpt=<[email protected]>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 131 continue from_re /.*/ [addheader "X-Greylist: inspected by %V for IP:'%i' DOMAIN:'%d' HELO:'%h' FROM:'%f' RCPT:'%r'"]
> Nov  6 06:31:19 dsm milter-greylist[852]: Mail from=<[email protected]>, rcpt=<[email protected]>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 146 greylist [maxpeek -1] default
> Nov  6 06:31:19 dsm milter-greylist[852]: wA6BV9tS018148: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <[email protected]> to <[email protected]> delayed for 00:29:44 (ACL 146)
> Nov  6 06:31:19 dsm sendmail[18148]: wA6BV9tS018148: Milter: to=<[email protected]>, reject=451 4.7.1 Greylisting in action, please come back later
> Nov  6 06:31:20 dsm sendmail[18148]: wA6BV9tS018148: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=apn-151-0-76-15.vodafone.hu [151.0.76.15]
> Nov  6 06:31:30 dsm milter-greylist[852]: wA6BVKfk018169: addr = apn-151-0-76-15.vodafone.hu[151.0.76.15], from = <[email protected]>, rcpt = <[email protected]>
> Nov  6 06:31:30 dsm milter-greylist[852]: Mail from=<[email protected]>, rcpt=<[email protected]>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 131 continue from_re /.*/ [addheader "X-Greylist: inspected by %V for IP:'%i' DOMAIN:'%d' HELO:'%h' FROM:'%f' RCPT:'%r'"]
> Nov  6 06:31:30 dsm milter-greylist[852]: Mail from=<[email protected]>, rcpt=<[email protected]>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 146 greylist [maxpeek -1] default
> Nov  6 06:31:30 dsm milter-greylist[852]: wA6BVKfk018169: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <[email protected]> to <[email protected]> delayed for 00:29:33 (ACL 146)
> Nov  6 06:31:30 dsm sendmail[18169]: wA6BVKfk018169: Milter: to=<[email protected]>, reject=451 4.7.1 Greylisting in action, please come back later
> Nov  6 06:31:30 dsm sendmail[18169]: wA6BVKfk018169: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=apn-151-0-76-15.vodafone.hu [151.0.76.15]
> Nov  6 06:31:41 dsm milter-greylist[852]: wA6BVUJJ018195: addr = apn-151-0-76-15.vodafone.hu[151.0.76.15], from = <[email protected]>, rcpt = <[email protected]>
> Nov  6 06:31:41 dsm milter-greylist[852]: Mail from=<[email protected]>, rcpt=<[email protected]>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 131 continue from_re /.*/ [addheader "X-Greylist: inspected by %V for IP:'%i' DOMAIN:'%d' HELO:'%h' FROM:'%f' RCPT:'%r'"]
> Nov  6 06:31:41 dsm milter-greylist[852]: Mail from=<[email protected]>, rcpt=<[email protected]>, addr=apn-151-0-76-15.vodafone.hu[151.0.76.15] is matched by entry racl 146 greylist [maxpeek -1] default
> Nov  6 06:31:41 dsm milter-greylist[852]: wA6BVUJJ018195: addr apn-151-0-76-15.vodafone.hu[151.0.76.15] from <[email protected]> to <[email protected]> delayed for 00:29:22 (ACL 146)
> Nov  6 06:31:41 dsm sendmail[18195]: wA6BVUJJ018195: Milter: to=<[email protected]>, reject=451 4.7.1 Greylisting in action, please come back later
> Nov  6 06:31:41 dsm sendmail[18195]: wA6BVUJJ018195: from=<[email protected]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=apn-151-0-76-15.vodafone.hu [151.0.76.15]
> Nov  6 10:20:59 dsm milter-greylist[852]: (local): 45.245.246.199 from <[email protected]> to <[email protected]>: greylisted entry timed out
> 
> 
> 
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> 
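
The point about over-enthusiastic settings, as an added example (not part of either post and not fail2ban's own code): a simplified maxretry/findtime counter run over constructed log lines in the "delayed for" format quoted above. The host names, addresses, year and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the milter-greylist lines quoted above;
# hosts and addresses are placeholders (documentation ranges), not from the thread.
SAMPLE_LOG = """\
Nov  6 06:31:03 mx milter-greylist[852]: id1: addr bot.example[203.0.113.15] from <a@example.net> to <u@example.org> delayed for 00:30:00 (ACL 146)
Nov  6 06:31:19 mx milter-greylist[852]: id2: addr bot.example[203.0.113.15] from <a@example.net> to <u@example.org> delayed for 00:29:44 (ACL 146)
Nov  6 06:31:30 mx milter-greylist[852]: id3: addr bot.example[203.0.113.15] from <a@example.net> to <u@example.org> delayed for 00:29:33 (ACL 146)
Nov  6 06:31:41 mx milter-greylist[852]: id4: addr bot.example[203.0.113.15] from <a@example.net> to <u@example.org> delayed for 00:29:22 (ACL 146)
Nov  6 06:40:00 mx milter-greylist[852]: id5: addr mta.example[198.51.100.7] from <b@example.com> to <u@example.org> delayed for 00:30:00 (ACL 146)
Nov  6 06:45:00 mx milter-greylist[852]: id6: addr mta.example[198.51.100.7] from <b@example.com> to <u@example.org> delayed for 00:25:00 (ACL 146)
Nov  6 06:55:00 mx milter-greylist[852]: id7: addr mta.example[198.51.100.7] from <b@example.com> to <u@example.org> delayed for 00:15:00 (ACL 146)
"""

DELAYED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ milter-greylist\[\d+\]: \S+ addr "
    r"\S*\[(?P<ip>[\d.]+)\] from .* delayed for (?P<left>\d\d:\d\d:\d\d)")

def parse(log, year=2018):
    """Return (timestamp, ip, seconds_left) per deferral; syslog omits the year."""
    events = []
    for line in log.splitlines():
        m = DELAYED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            h, mi, s = map(int, m["left"].split(":"))
            events.append((ts, m["ip"], h * 3600 + mi * 60 + s))
    return events

def would_ban(events, maxretry, findtime):
    """IPs with >= maxretry deferrals inside any findtime-second window."""
    seen, banned = defaultdict(list), set()
    for ts, ip, _ in events:
        seen[ip] = [t for t in seen[ip] if (ts - t).total_seconds() <= findtime] + [ts]
        if len(seen[ip]) >= maxretry:
            banned.add(ip)
    return banned

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("all already deferred:", all(left > 0 for _, _, left in ev))
    print("maxretry=4 findtime=60  ->", sorted(would_ban(ev, 4, 60)))
    print("maxretry=3 findtime=900 ->", sorted(would_ban(ev, 3, 900)))
```

Every matched line is a delivery the milter had already deferred with a 451. The tight setting only bans the rapid retrier, while the looser one also bans the constructed MTA that was 15 minutes away from clearing the greylist delay.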

