Re: OT: Fail2ban linux
On Oct 13, 2014, at 06:48, Markus Benning wrote:
> The mtpolicyd policy daemon has a plugin for directly adding IPs to
> a fail2ban target without the logging/parsing.
> It directly uses the unix socket for communication with the fail2ban
> daemon.
>
> https://www.mtpolicyd.org/
>
> Plugin:
>
> http://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Fail2Ban

That sounds excellent. Thanks for the pointer
Re: OT: Fail2ban linux
On Mon, 13 Oct 2014 14:48:36 +0200 Markus Benning wrote:
> On Sun, Oct 12, 2014 at 03:27:41AM -0300, Julio Cesar Covolato wrote:
> > Hi People!
> > Anyone has a good rule for postfix smtpd with fail2ban?
> > Sorry for the OT:))
>
> The mtpolicyd policy daemon has a plugin for directly adding IPs to
> a fail2ban target without the logging/parsing.
> It directly uses the unix socket for communication with the fail2ban
> daemon.
>

never know it before, sounds great..
Re: OT: Fail2ban linux
On Sun, Oct 12, 2014 at 03:27:41AM -0300, Julio Cesar Covolato wrote:
> Hi People!
> Anyone has a good rule for postfix smtpd with fail2ban?
> Sorry for the OT:))

The mtpolicyd policy daemon has a plugin for directly adding IPs to
a fail2ban target without the logging/parsing.
It directly uses the unix socket for communication with the fail2ban
daemon.

https://www.mtpolicyd.org/

Plugin:

http://www.mtpolicyd.org/documentation.html#Mail::MtPolicyd::Plugin::Fail2Ban

For example I use it to create a scoring based on different RBLs, SPF, GeoIP.
Clients with a very bad reputation get rejected and added to fail2ban.
Clients with a dubious reputation get greylisting applied.
Clients with a good reputation just pass.

Since it is a policy daemon it only does SMTP level checks.

For parsing of postfix logs there's already a filter.d/postfix.conf
included with the fail2ban package.

For amavis log file I use the following configuration:

--- filter.d/amavis.local
[INCLUDES]
before = common.conf

[Definition]
_daemon = amavis
# <HOST> is the tag fail2ban replaces with its client-address pattern
failregex = ^%(__prefix_line)s.*(Blocked|Passed) (INFECTED|SPAM|SPAMMY) {(RejectedInbound|RelayedTaggedInbound)}, \[<HOST>\]
ignoreregex =
---

- Markus
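The following is an added example, not part of the original post: it checks which log lines the amavis failregex above would ban, with fail2ban's `<HOST>` tag written between the brackets. The log lines are constructed, and `PREFIX_LINE`, `HOST` and `TIMESTAMP` are simplified stand-ins (assumptions) for the patterns fail2ban itself substitutes.

```python
import re

# failregex from the filter above; <HOST> is fail2ban's client-address tag.
FAILREGEX = (r"^%(__prefix_line)s.*(Blocked|Passed) (INFECTED|SPAM|SPAMMY) "
             r"{(RejectedInbound|RelayedTaggedInbound)}, \[<HOST>\]")

# Assumptions: simplified stand-ins for what fail2ban expands at load time.
# The real __prefix_line (common.conf) and <HOST> patterns accept more forms.
PREFIX_LINE = r"\S+ amavis\[\d+\]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# fail2ban removes the timestamp before matching; emulate a syslog stamp.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "Oct 13 10:02:11 mx1 amavis[2211]: (02211-05) Blocked SPAM "
    "{RejectedInbound}, [203.0.113.45]:51234 [203.0.113.45] <a@example.net>",
    "Oct 13 10:02:40 mx1 amavis[2211]: (02211-06) Passed SPAMMY "
    "{RelayedTaggedInbound}, [198.51.100.7]:40112 [198.51.100.7] <b@example.net>",
    "Oct 13 10:03:02 mx1 amavis[2212]: (02212-01) Passed CLEAN "
    "{RelayedInbound}, [192.0.2.10]:33001 [192.0.2.10] <c@example.net>",
    "Oct 13 10:03:30 mx1 amavis[2212]: (02212-02) Blocked SPAM "
    "{RejectedInternal}, [192.0.2.20]:33002 [192.0.2.20] <d@example.net>",
]


def compile_filter(failregex):
    """Expand the two placeholders and compile, as fail2ban does on load."""
    expanded = failregex.replace("%(__prefix_line)s", PREFIX_LINE)
    if "<HOST>" not in expanded:
        # Without the tag there is no address to act on.
        raise ValueError("failregex has no <HOST> tag")
    return re.compile(expanded.replace("<HOST>", HOST))


def hosts_to_ban(lines, failregex=FAILREGEX):
    """Return the client address of every line the filter matches."""
    pattern = compile_filter(failregex)
    found = []
    for line in lines:
        match = pattern.search(TIMESTAMP.sub("", line, count=1))
        if match:
            found.append(match.group("host"))
    return found


if __name__ == "__main__":
    for host in hosts_to_ban(SAMPLE_LOG):
        print("would ban", host)
```

Note that the second sample line is a message that was delivered (tagged), and the filter still counts its sender toward a ban.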
Re: OT: Fail2ban linux
On Sun, 12 Oct 2014 03:27:41 -0300 Julio Cesar Covolato wrote:
> Anyone has a good rule for postfix smtpd with fail2ban?
>

Google is not enough for you?
http://www.fail2ban.org/wiki/index.php/Postfix