My mail.log is overflowing with random spammers attempting to send spam through my server.
Is this typical or have I misconfigured something?
Is there a way to ban an IP after several attempts at relaying, or is there a way not to log these attempts? (The latter might be a bad idea.)
-
Once they find an IP that answers to port 25, they'll try everything they can to relay through it or guess valid email addresses that they can deliver spam to. I don't think you want to quit logging it just in case something does come through that you later need to diagnose.
fail2ban and iptables --recent would cut down on the log entries by firewalling the IPs that are attempting to connect multiple times. Each has a 'window' of opportunity for a spammer to try before getting blocked. fail2ban would be better in this case as it would block based on failure messages. iptables --recent is much less discriminate and might block legitimate connections that passed a threshold.
You could alter your syslog configuration to log only .info to your maillog, and .warn/.err to a separate file.
styts: Thanks, working on setting up fail2ban as you recommended.
From karmawhore -
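As an added illustration (not code from the original post or from fail2ban itself), the Python below applies the fail2ban-style rule the answer describes to constructed Postfix smtpd reject lines: a client is flagged only after it accumulates `maxretry` rejections within a `findtime` window, which is why it is less likely than iptables --recent to catch a legitimate client that merely connects often. All log lines, IP addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed Postfix smtpd log lines (not taken from the original post).
SAMPLE_LOG = """\
Dec 10 03:14:07 mail postfix/smtpd[2311]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.net>: Relay access denied; from=<s@example.org> to=<a@example.net> proto=ESMTP helo=<x>
Dec 10 03:14:09 mail postfix/smtpd[2311]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <b@example.net>: Relay access denied; from=<s@example.org> to=<b@example.net> proto=ESMTP helo=<x>
Dec 10 03:14:12 mail postfix/smtpd[2311]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in local recipient table; from=<s@example.org> to=<nobody@example.com> proto=ESMTP helo=<x>
Dec 10 03:14:20 mail postfix/smtpd[2311]: disconnect from unknown[192.0.2.10]
Dec 10 03:15:00 mail postfix/smtpd[2318]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <c@example.net>: Relay access denied; from=<s@example.org> to=<c@example.net> proto=ESMTP helo=<y>
Dec 10 03:16:00 mail postfix/smtpd[2320]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <d@example.net>: Relay access denied; from=<s@example.org> to=<d@example.net> proto=ESMTP helo=<x>
Dec 10 03:18:00 mail postfix/smtpd[2318]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <e@example.net>: Relay access denied; from=<s@example.org> to=<e@example.net> proto=ESMTP helo=<y>
Dec 10 03:20:30 mail postfix/smtpd[2325]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <f@example.net>: Relay access denied; from=<s@example.org> to=<f@example.net> proto=ESMTP helo=<z>
Dec 10 03:40:30 mail postfix/smtpd[2331]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <g@example.net>: Relay access denied; from=<s@example.org> to=<g@example.net> proto=ESMTP helo=<z>
Dec 10 04:05:30 mail postfix/smtpd[2340]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <h@example.net>: Relay access denied; from=<s@example.org> to=<h@example.net> proto=ESMTP helo=<z>
"""

# Matches the "NOQUEUE: reject" lines smtpd writes for relay and recipient rejections.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: (?P<code>\d{3})"
)

def parse_rejects(log_text, year=2023):
    """Return (timestamp, client_ip) for each smtpd reject line; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            # syslog timestamps carry no year, so one is supplied by the caller.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"]))
    return events

def find_ban_candidates(events, maxretry=3, findtime=600):
    """fail2ban-style rule: flag an IP once it has maxretry rejects within findtime seconds.
    Returns {ip: timestamp of the reject that crossed the threshold}."""
    recent = defaultdict(list)
    banned = {}
    for ts, ip in sorted(events):
        if ip in banned:
            continue  # already flagged; later attempts would be dropped by the firewall
        window = [t for t in recent[ip] if (ts - t).total_seconds() <= findtime]
        window.append(ts)
        recent[ip] = window
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned
```

With the defaults only 192.0.2.10 is flagged; 203.0.113.5 spreads its three rejects over 45 minutes and stays under the 10-minute window, while 198.51.100.7 never reaches three.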
You can also set these options for postfix to reject connections from rogue clients.
smtpd_error_sleep_time = 10s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
From topdog