Yo! Thanks for the suggestion and the links.

Unfortunately as per, https://fail2ban.readthedocs.io/en/latest/filters.html and my previous moan. Fail2Ban is retro-active and tries to deal with all of the everything... https://fail2ban.readthedocs.io/en/latest/filters.html#developing-filters and if someone decides that my operating system does not need logfiles, perhaps to save write wear on my Micro SD, it would be a bit lost.

As I have suggested I am more than thick so having tried Fail2Ban a couple of times I gave up. Mea Culpa.

In part I suppose that's why I used RFC in the title because if Postfix is Postfix and considers something like this other mail server implementations might think "that's a good idea" or I am a nutter.

I am at the level where I don't understand header_checks but can reject so I don't end up with stuff in my inbox but even header_checks appears to have an extended language of its own that is beyond me...

Prototype
/hotmail/ REJECT "Shove Your SEO/APP Spam" EXCEPT /mywife,mykid,hmrc/

I guess I am saying that I am simple and don't need to deal with SuperUser stuff including having to install other stuff that has to take my guess as to what it is dealing with in a differently weird way.

Bob

On Wed, 2024-07-24 at 00:05 +0200, r.barc...@habmalnefrage.de wrote:
> Hi,
>
> You could use a custom Fail2Ban regular expression to ban IP
> addresses that cause Postfix log entries containing certain domain
> names.
>
> See
> https://en.wikipedia.org/wiki/Fail2ban
> https://fail2ban.readthedocs.io/en/latest/filters.html
>
> Yours,
> Reg
>
> > Sent: Tuesday, 23 July 2024 at 23:14
> > From: "Bob via Postfix-users" <postfix-users@postfix.org>
> > To: postfix-users@postfix.org
> > Subject: [pfx] RFC logs_check
> >
> > Hi,
> >
> > Apologies if this a silly suggestion. I have hunted high and low
> > for a thing that would be simple for someone who is simple. I get
> > the impression from the usual sources such as stackexchange that
> > there is no easy or rather simple answer.
> >
> > Whilst I have spotted 'spawn' as a possibility of invoking an
> > external script I get the impression that I will fail because I
> > have already failed. Not knowing much it looks like I would have
> > to write my own message handler in python or some other language.
> >
> > That's well above my intelligence grade so, just an idea...
> >
> > Would it be possible to have a logs_check thing that might for
> > example contain
> >
> > unknown
> > unavailable
> > user=<>
> > cyberresilience
> > binaryedge
> > censys-scanner.com
> > shadowserver.org
> > stretchoid.com
> > measurement.com
> > shodan.io
> >
> > Whereby when Postfix matches the words it would write to a logfile
> > and includes an IP address it would call an external script with
> > that IP address and the associated word so I could immediately
> > drop the IP address into IPTables as a block with a simple script?
> >
> > I realise stuff like failtoban is available but when I look at it
> > the wrong way, or in any way, it falls over and it only looks at
> > logfiles every so often and last time I broke my Pi I had to
> > install rsyslog or somesuch to get the logfiles back.
> >
> > Try not to be nice to me because if you are I will request other
> > stuff for simple minded people such as myself.
> >
> > Bob
> >
> > _______________________________________________
> > Postfix-users mailing list -- postfix-users@postfix.org
> > To unsubscribe send an email to postfix-users-le...@postfix.org
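
Added example, not part of the original messages and not Postfix or Fail2Ban code: one way to do the word matching described in the thread, in Python, reading Postfix log lines on standard input and producing an iptables block rule for each matching client. The sample log lines, the `NEVER_BLOCK` list and the function names are constructed for illustration; the address is validated before use because it is taken from log text.

```python
import ipaddress
import re
import sys

# Words taken from the list in the original message.
WORDS = ["unknown", "unavailable", "user=<>", "cyberresilience", "binaryedge",
         "censys-scanner.com", "shadowserver.org", "stretchoid.com",
         "measurement.com", "shodan.io"]

# Postfix logs the client as hostname[address], e.g. "connect from unknown[192.0.2.10]".
CLIENT = re.compile(r"from (\S*?)\[([0-9A-Fa-f:.]+)\]")

# Assumption: addresses that must never be blocked (loopback and the local LAN).
NEVER_BLOCK = [ipaddress.ip_network(n)
               for n in ("127.0.0.0/8", "::1/128", "192.168.0.0/16")]

# Constructed sample log lines, for illustration only.
SAMPLE = """\
Jul 23 23:14:01 pi postfix/smtpd[2201]: connect from unknown[192.0.2.10]
Jul 23 23:14:05 pi postfix/smtpd[2203]: connect from scan-07.shodan.io[198.51.100.7]
Jul 23 23:14:09 pi postfix/smtpd[2204]: connect from mail.example.org[203.0.113.25]
Jul 23 23:14:12 pi postfix/smtpd[2205]: connect from unknown[127.0.0.1]
Jul 23 23:14:15 pi postfix/smtpd[2206]: connect from unknown[999.1.1.1]
"""

def matches(lines):
    """Yield (ip, word) for each line holding a listed word and a blockable client."""
    for line in lines:
        client = CLIENT.search(line)
        word = next((w for w in WORDS if w in line), None)
        if client is None or word is None:
            continue
        try:
            addr = ipaddress.ip_address(client.group(2))
        except ValueError:
            continue  # not a real address: never hand log text to a firewall command
        if any(addr in net for net in NEVER_BLOCK):
            continue  # do not lock out the machine itself or the LAN
        yield str(addr), word

def block_command(ip):
    """Return the firewall command as an argument list (built here, not executed)."""
    tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
    return [tool, "-I", "INPUT", "-s", ip, "-j", "DROP"]

if __name__ == "__main__":
    for ip, word in matches(sys.stdin):
        print(word, " ".join(block_command(ip)))
```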