Ed Begens edbegens at
Sun May 24 13:32:04 UTC 2015


You might want to consider using iptables to slam the door on the 
offending botnet (and its associated IP addresses).  But there might 
be better options out there, depending on your server usage (what 
environment it's being utilized in).


On 05/24/2015 04:13 AM, Petter Adsen wrote:
> On Sat, 23 May 2015 22:25:53 -0400
> Ben Coleman <oloryn at> wrote:
>> On 05/22/2015 04:35 AM, Petter Adsen wrote:
>>> My mailserver is currently being targeted by what seems like a
>>> botnet, probably looking to send spam. Is there something like
>>> fail2ban I can use that will lock an IP out after a few failed
>>> attempts to authenticate?
>> I haven't used it with email authentication, but actually, fail2ban
>> might do.  It has filters for more than looking for ssh authentication
>> failures.  E.g. look at the postfix-sasl, sendmail-auth, dovecot or
>> such filters.
> Yes, I noticed after sending the mail - it was silly of me not to
> check first. I still haven't got it working, though, as it seems I would
> need to write a custom action, and I'm *really* bad at regular
> expressions.
> If I do get it working, I will post it here (and send it to either the
> authors or the Ubuntu maintainer) so others can use it also.
> Petter
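
The lock-out rule asked about in this thread, as an added example that is not part of the original messages: count Postfix SASL authentication failures per source IP and flag any address that reaches a threshold inside a time window. The regular expression is a simplified pattern written for this example (not fail2ban's shipped `postfix-sasl` filter), the log lines are constructed, and `offenders` is a hypothetical helper whose `maxretry` and `findtime` parameters borrow fail2ban's option names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified pattern for Postfix SASL failures (assumption for this example,
# not the filter shipped with fail2ban). Captures the timestamp and client IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\w+\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL \S+ authentication failed"
)

# Constructed sample log (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
May 24 04:01:02 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 24 04:01:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 24 04:01:30 mail postfix/smtpd[2104]: connect from mx.example.org[198.51.100.20]
May 24 04:02:15 mail postfix/smtpd[2107]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed:
May 24 04:03:00 mail postfix/smtpd[2110]: warning: host.example.net[198.51.100.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 24 09:40:00 mail postfix/smtpd[2300]: warning: host.example.net[198.51.100.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 24 15:10:00 mail postfix/smtpd[2400]: warning: host.example.net[198.51.100.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

def offenders(log_text, maxretry=3, findtime=600, year=2015):
    """Return IPs with >= maxretry failures within findtime seconds, in ban order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins, connects, other noise
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop failures that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print("would ban", ip)
```

With the default ten-minute window only the burst from 203.0.113.7 is flagged; the three failures from 198.51.100.99 are spread across the day and only count once the window is widened.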

