On 17/05/2025 16:23, pgnd via Postfix-users wrote: > logs (/var/log/postfix/postfix.log) routinely report postscreen doing its job > well at fending off 'pulses' of spammy > connection attempts. e.g., <SNIP> > the number of attempts varies from any one IP -- from just one to hundreds. > > atm, ALL logged. it gets noisy. > > i understand that load on pf/dns is fairly low -- as postscreen cache should > be in use; server resources are certainly > not taxed. > > and, i know i can filter log output with grep or rsyslog. > > can pf's logging config itself, for these connections, be directly quieted -- > or at least better aggregated? > if so, how? > if not, ndb -- just an inconvenience.
I have a simple script (a fail2ban look-alike), which looks for multiple postscreen disconnects, and adds the offending address to an IPtables block-list . Not quite what you asked for, but it works a treat for my small system. Hope this helps Allen C _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
