On 09/12/17 14:19, Marat Khalili wrote:
> If your firewall is capable of running fail2ban, I'd consider sending
> postscreen logs to it instead.

Hmm. That's an option I hadn't considered.
The firewall is an embedded device (Ubiquiti EdgeRouter POE/5), so I
don't have a gigantic amount of RAM or

On 12/09/17 18:19, Phil Stracchino wrote:
> Has anyone set up fail2ban to trigger from postscreen rejections and apply
> blocks to a firewall on a separate host? And if so, any tips to share?

Solved simpler task: separate host (container actually) but still iptables.
Cloned iptables-multiport.conf

On 09/12/17 12:32, Noel Jones wrote:
> Tip #1: Ignore these. The log entries are annoying, but other than
> logs this causes pretty close to zero impact on your system.
> Tip #4: Just ignore the log entries. The same IP probably goes away
> fairly soon, so blocking the IP probably doesn't do muc

On 9/12/2017 10:19 AM, Phil Stracchino wrote:
> This is semi-hypothetical ...
>
> I often see spews of failed connect attempts logged by postscreen:
>
> Sep 12 11:13:09 minbar postfix/postscreen[9238]: CONNECT from
> [70.39.115.203]:54708 to [10.24.32.15]:25
> Sep 12 11:13:09 minbar postfix/posts

This is semi-hypothetical ...
I often see spews of failed connect attempts logged by postscreen:
Sep 12 11:13:09 minbar postfix/postscreen[9238]: CONNECT from
[70.39.115.203]:54708 to [10.24.32.15]:25
Sep 12 11:13:09 minbar postfix/postscreen[9238]: PREGREET 14 after 0.12
from [70.39.115.203]:547