On 14.06.2013 18:00, Simon B wrote:
> On 14 June 2013 17:44, c cc <sub...@gmail.com> wrote:
>>
>> Hi,
>>
>> For the last few days, I noticed that our postfix server had crawled to a halt
>> due to some kind of email attack. As you can see below, there were a lot of
>> smtp connections. I was wondering if there is a way to stop this from
>> Postfix? Thanks!
>>
>> /etc/postfix $netstat -plan | grep ':25' | grep ESTAB
>> tcp 0 0 xx.xx.xx.xx:25 181.66.192.196:11798 ESTABLISHED 17329/smtpd
>> tcp 0 0 xx.xx.xx.xx:25 77.42.140.151:54112 ESTABLISHED -
>> tcp 0 0 xx.xx.xx.xx:25 109.166.128.3:36208 ESTABLISHED -
>> tcp 0 0 xx.xx.xx.xx:25 186.46.0.66:16698 ESTABLISHED
>
> Presumably they are connecting more than once? Fail2ban?
>
> Simon
>

If you have a massive bot problem, fail2ban is too slow to help.
I solved it with an iptables recent rsyslog combination.
Sorry, only German, but the tech stuff should be understandable anyway:

http://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
http://blog.schaal-24.de/?p=1626

But be aware such solutions must be well configured and fit to your setup.

Best Regards
Kind regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
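
An added example, not part of either poster's message: one way to answer the "are they connecting more than once?" question before choosing a rate-limiting approach is to count ESTABLISHED connections to local port 25 per remote address. The function names `smtp_conn_counts` and `sample_netstat` are hypothetical, and the sample lines are constructed from documentation address ranges.

```shell
#!/bin/sh
# smtp_conn_counts [THRESHOLD]
# Reads `netstat -plan` output on stdin and prints "COUNT IP" for every
# remote address holding at least THRESHOLD ESTABLISHED connections to
# local port 25, busiest first.
smtp_conn_counts() {
    threshold="${1:-1}"
    awk -v min="$threshold" '
        # tcp/tcp6 rows: $4 = local addr:port, $5 = remote addr:port, $6 = state.
        # Matching on $4 avoids the false hits of a plain grep ":25"
        # (local port 2525, or outbound connections to a remote port 25).
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" && $4 ~ /:25$/ {
            remote = $5
            sub(/:[0-9]+$/, "", remote)   # strip the remote port
            count[remote]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min)
                    print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (not taken from the original post).
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1200/master
tcp 0 0 192.0.2.10:25 203.0.113.7:11798 ESTABLISHED 17329/smtpd
tcp 0 0 192.0.2.10:25 203.0.113.7:11799 ESTABLISHED -
tcp 0 0 192.0.2.10:25 203.0.113.7:11800 ESTABLISHED -
tcp 0 0 192.0.2.10:25 198.51.100.9:36208 ESTABLISHED -
tcp 0 0 192.0.2.10:25 198.51.100.9:36209 ESTABLISHED -
tcp 0 0 192.0.2.10:25 198.51.100.44:16698 ESTABLISHED -
tcp 0 0 192.0.2.10:25 198.51.100.50:40000 TIME_WAIT -
tcp 0 0 192.0.2.10:2525 198.51.100.60:40001 ESTABLISHED -
tcp 0 0 192.0.2.10:51234 198.51.100.70:25 ESTABLISHED -
EOF
}

# Show remote addresses with two or more concurrent SMTP connections.
sample_netstat | smtp_conn_counts 2
```

On a live server the input would be `netstat -plan | smtp_conn_counts 5`, with the threshold chosen to fit the site's normal traffic.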