postfix iptables spam detection


by Wojciech Ziniewicz

Hi,

I'm looking for a tool similar to http://www.fail2ban.org/ but for
the SMTP protocol.

I have a mail server that filters unwanted traffic from spammers quite
well, but some of my clients send tons of spam (of course they're
normally authenticated and let through) and after it's queued, my
server starts dying because of several thousand emails in the mail queue.

I was wondering if there's any tool like fail2ban or policyd-weight
that would ban or blacklist a message before it's queued on the basis
of syslog stats (number of smtp connections per minute etc).


regards

--
Wojciech Ziniewicz
http://rfc.sunsite.dk/rfc/rfc2324.html


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Re: postfix iptables spam detection

by Gabor Heja


Hi,

I think you can configure fail2ban to detect that kind of attack.

It has the filter.d/*.conf files, where you can configure filters for
specific regex patterns. You can create your own as well, and then all you
need is to add your custom filter in jail.local (or jail.conf, but that is
not advised).

Best regards,
 Gabor

Ps: sorry for the duplicate mail, have not cc-ed the list before.

On Wed, 26 Aug 2009 14:11:39 +0200, Wojciech Ziniewicz
<wojciech.ziniewicz@...> wrote:

> Hi,
>
> I'm looking for a tool similar to http://www.fail2ban.org/ but for
> the SMTP protocol.
>
> I have a mail server that filters unwanted traffic from spammers quite
> well, but some of my clients send tons of spam (of course they're
> normally authenticated and let through) and after it's queued, my
> server starts dying because of several thousand emails in the mail queue.
>
> I was wondering if there's any tool like fail2ban or policyd-weight
> that would ban or blacklist a message before it's queued on the basis
> of syslog stats (number of smtp connections per minute etc).
>
>
> regards
>
> --
> Wojciech Ziniewicz
> http://rfc.sunsite.dk/rfc/rfc2324.html
>
>
>




Re: postfix iptables spam detection

by Wojciech Ziniewicz

2009/8/26 Héja Gábor <kakaopor@...>:
>
> Hi,
>
> I think you can configure fail2ban to detect that kind of attack.
>
> It has the filter.d/*.conf files, where you can configure filters for
> specific regex patterns. You can create your own as well, and then all you
> need is to add your custom filter in jail.local (or jail.conf, but that is
> not advised).


Hi,
it looks like last time I was looking for this functionality,
fail2ban didn't have it, but now it looks mature.

Thank you

regards.




--
Wojciech Ziniewicz
http://rfc.sunsite.dk/rfc/rfc2324.html




Re: postfix iptables spam detection

by Henrique de Moraes Holschuh

On Wed, 26 Aug 2009, Wojciech Ziniewicz wrote:
> I have a mail server that filters unwanted traffic from spammers quite
> well, but some of my clients send tons of spam (of course they're
> normally authenticated and let through) and after it's queued, my
> server starts dying because of several thousand emails in the mail queue.

Postfix has so much throttling control, it is not funny.  I suggest you look
into using the built-in rate limiters.  There is absolutely no reason why
your mail server should continue to accept messages from a single client if
it will go down due to the load causing problems for the other clients.

This won't do all you want, but at least it will protect your server.

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
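
The per-client counting from syslog that this thread asks about, as an added example that is not part of any poster's message: a Python function that reads Postfix smtpd log lines and reports SASL users who queue more than a set number of messages within a sliding window. The log lines, users, addresses and the `limit`/`window` defaults are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# smtpd logs one "QUEUEID: client=..." line per message it accepts; for
# authenticated sessions the line also carries sasl_username=...
ACCEPT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"[0-9A-F]+:\sclient=\S*\[(?P<ip>[^\]]+)\]"
    r".*\bsasl_username=(?P<user>\S+)"
)

def find_heavy_senders(lines, limit=3, window=timedelta(seconds=60), year=2009):
    """Map each SASL user who queued more than `limit` messages within any
    `window` to the client IPs used. Lines must be in chronological order;
    syslog timestamps carry no year, so one is supplied (assumption)."""
    recent = defaultdict(deque)    # user -> (timestamp, ip) still in window
    flagged = defaultdict(set)
    for line in lines:
        m = ACCEPT_RE.match(line)
        if not m:
            continue               # connect lines, unauthenticated mail, other daemons
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["user"]]
        q.append((ts, m["ip"]))
        while ts - q[0][0] >= window:
            q.popleft()            # drop entries that fell out of the window
        if len(q) > limit:
            flagged[m["user"]].update(ip for _, ip in q)
    return dict(flagged)

def _line(ts, qid, ip, user=None):
    # Builds a constructed log line in Postfix's smtpd format.
    sasl = f", sasl_method=PLAIN, sasl_username={user}" if user else ""
    return f"Aug 26 {ts} mx postfix/smtpd[2101]: {qid}: client=unknown[{ip}]{sasl}"

# Constructed sample (documentation IP ranges, made-up users).
SAMPLE_LOG = (
    ["Aug 26 14:10:59 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]"]
    + [_line(f"14:11:{s:02d}", f"B0{s:02d}", "192.0.2.10", "bob") for s in (0, 10, 20, 30, 40)]
    + [_line(f"14:{m:02d}:00", f"C0{m:02d}", "198.51.100.7", "carol") for m in (12, 14, 16, 18)]
    + [_line("14:19:00", "D001", "203.0.113.5")]   # no SASL login: ignored
)

if __name__ == "__main__":
    for user, ips in find_heavy_senders(SAMPLE_LOG).items():
        print(f"{user} exceeded the limit from {sorted(ips)}")
```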

