On 5/24/2019 11:33 AM, @lbutlr wrote:
> I have an active email address that only receives spam (it is an address that
> wasn't used for years but I've recently reactivated to see just how much spam an
> unprotected decades-old account that hasn't accepted mail since 2006 would get).
> Anyway, what I would like to do is somehow blacklist any IP that sends mail to
> that address for some period of time, configurable by me but not necessarily
> dynamic. (That is, if I could specify 1 day or 3 hours for any match, that is
> fine).
> I suspect that postfix might be able to do this through some sort of
> helo_access check? I mean, I know managing the timeout would be outside of
> postfix, but I can figure that part out easily enough.
> Or should I look at expanding the log matching in fail2ban instead?
> Or something obvious and clearly better?

Adding a log match in fail2ban for the blacklisted recipient is by
far the easiest solution.
Postfix doesn't have much built-in that would help this project. You
would need to write a policy service or log watcher that checks for
the blacklisted recipient, which would then add the offending client
IP to a check_client_access blacklist table. Using *sql or lmdb for
the blacklist table would eliminate the need to rebuild the table
after each change.
-- Noel Jones
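
A sketch of the policy-service route mentioned in the reply, added here as an example and not code from the thread or from Postfix. It differs from the reply in one respect: rather than writing to a check_client_access table, the service keeps the timed list in SQLite and answers REJECT itself. `TRAP`, `BLOCK_SECONDS` and `DB_PATH` are assumed placeholder values.

```python
#!/usr/bin/env python3
"""Postfix policy service: time-limited block for clients that mail a trap address."""
import sqlite3
import sys
import time

TRAP = "trap@example.com"   # assumed placeholder for the spam-only address
BLOCK_SECONDS = 3 * 3600    # assumed window (3 hours); use 86400 for one day
DB_PATH = "/var/lib/postfix-trap/blocked.db"  # assumed path, writable by the service user


def open_db(path):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS blocked (ip TEXT PRIMARY KEY, expires REAL)")
    return db


def decide(db, attrs, now):
    """Return the access(5) action for one policy request (dict of attributes)."""
    ip = attrs.get("client_address", "")
    rcpt = attrs.get("recipient", "").lower()
    db.execute("DELETE FROM blocked WHERE expires <= ?", (now,))  # expire old entries
    listed = db.execute("SELECT 1 FROM blocked WHERE ip = ?", (ip,)).fetchone()
    if rcpt == TRAP and ip:
        # List (or refresh) the client; the trap message itself is not rejected here.
        db.execute("INSERT OR REPLACE INTO blocked VALUES (?, ?)", (ip, now + BLOCK_SECONDS))
    db.commit()
    return "REJECT Client temporarily blocked" if listed else "DUNNO"


def serve(db, stream_in, stream_out):
    """Policy delegation loop: name=value lines, empty line ends each request."""
    attrs = {}
    for line in stream_in:
        line = line.rstrip("\n")
        if line:
            key, _, value = line.partition("=")
            attrs[key] = value
            continue
        stream_out.write("action=%s\n\n" % decide(db, attrs, time.time()))
        stream_out.flush()
        attrs = {}


if __name__ == "__main__":
    serve(open_db(DB_PATH), sys.stdin, sys.stdout)
```

Postfix would start this through spawn(8) in master.cf and consult it with `check_policy_service` in `smtpd_recipient_restrictions`, as described in SMTPD_POLICY_README.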