Scott Techlist:
> As I watch the bots and spammers hammer my server with connection attempts,
> I figured I might as well stop them even closer to the front door when they
> try repeatedly.
>
> I have fail2ban running already and once I enabled postscreen it didn't seem
> to have much to do anymore.
>
> My primary question is: Can I filter on the DISCONNECT log line for bad
> connections (and only bad connections), or do some "good" connections also
> log a DISCONNECT?

Postscreen logs DISCONNECT for clients that PASS the "after 220 greeting" tests (bare newline, non-SMTP command, pipelining).

I don't think there is much to gain from parsing postscreen logging to produce fail2ban rules. postscreen is designed to handle a lot of abuse with near-zero resources.

Wietse
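
The point in the reply above, as an added example that is not part of the original thread: this script pairs each postscreen DISCONNECT line with the last verdict logged for the same `[address]:port`, showing that a filter keyed on DISCONNECT alone also matches clients that passed. The log lines are constructed samples and assume the "after 220 greeting" tests are enabled; `classify_disconnects` is a hypothetical helper name.

```python
import re

# Constructed sample lines in postscreen's log format (not taken from the thread).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/postscreen[411]: CONNECT from [192.0.2.10]:40112 to [198.51.100.5]:25
Jan 10 10:00:07 mx postfix/postscreen[411]: PASS NEW [192.0.2.10]:40112
Jan 10 10:00:07 mx postfix/postscreen[411]: DISCONNECT [192.0.2.10]:40112
Jan 10 10:00:09 mx postfix/postscreen[411]: CONNECT from [203.0.113.7]:51544 to [198.51.100.5]:25
Jan 10 10:00:09 mx postfix/postscreen[411]: PREGREET 11 after 0.2 from [203.0.113.7]:51544: EHLO spam
Jan 10 10:00:10 mx postfix/postscreen[411]: DISCONNECT [203.0.113.7]:51544
Jan 10 10:00:12 mx postfix/postscreen[411]: CONNECT from [203.0.113.9]:33010 to [198.51.100.5]:25
Jan 10 10:00:18 mx postfix/postscreen[411]: NON-SMTP COMMAND from [203.0.113.9]:33010 after CONNECT: GET / HTTP/1.1
Jan 10 10:00:18 mx postfix/postscreen[411]: DISCONNECT [203.0.113.9]:33010
"""

LINE = re.compile(r"postfix/postscreen\[\d+\]: (?P<rest>.*)")
CLIENT = re.compile(r"\[[0-9A-Fa-f.:]+\]:\d+")  # [address]:port; first match is the client
FAIL_EVENTS = ("PREGREET", "DNSBL", "BARE NEWLINE",
               "NON-SMTP COMMAND", "COMMAND PIPELINING")


def classify_disconnects(log_text):
    """Return [(client, verdict)] for every DISCONNECT line, in log order."""
    state = {}    # client -> verdict seen so far in the current session
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        c = CLIENT.search(m.group("rest")) if m else None
        if not c:
            continue
        rest, client = m.group("rest"), c.group(0)
        if rest.startswith("CONNECT "):
            state[client] = "no verdict"
        elif rest.startswith("PASS "):
            state[client] = "passed"
        elif rest.startswith(FAIL_EVENTS):
            event = next(e for e in FAIL_EVENTS if rest.startswith(e))
            state[client] = "failed: " + event
        elif rest.startswith("DISCONNECT "):
            # The DISCONNECT line itself carries no verdict; only the history does.
            results.append((client, state.pop(client, "no verdict")))
    return results


if __name__ == "__main__":
    for client, verdict in classify_disconnects(SAMPLE_LOG):
        print(f"DISCONNECT {client}: {verdict}")
```
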