Ban IP's from saslauthd/postfix?

Petter Adsen petter at synth.no
Sun May 24 08:13:26 UTC 2015


On Sat, 23 May 2015 22:25:53 -0400
Ben Coleman <oloryn at benshome.net> wrote:

> On 05/22/2015 04:35 AM, Petter Adsen wrote:
> > My mailserver is currently being targeted by what seems like a
> > botnet, probably looking to send spam. Is there something like
> > fail2ban I can use that will lock an IP out after a few failed
> > attempts to authenticate?
> 
> I haven't used it with email authentication, but actually, fail2ban
> might do.  It has filters for more than looking for ssh authentication
> failures.  E.g. look at the postfix-sasl, sendmail-auth, dovecot or
> such filters.

Yes, I noticed after sending the mail - it was silly of me not to
check first. I still haven't got it working, though, as it seems I would
need to write a custom action, and I'm *really* bad at regular
expressions.

If I do get it working, I will post it here (and send it to either the
authors or the Ubuntu maintainer) so others can use it also.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20150524/79e0ee12/attachment.pgp>


More information about the ubuntu-users mailing list