fail2ban for dnsblog

  • Hello,


    (Attention: please read the following post about whitelisted entries!)


    Currently I was under attack from a host which was on a DNS blocklist (DNSBL) but kept on trying with about 20 connections per second. So I decided to do something about it, because postscreen blocked it but this used a lot of CPU power in postscreen as well as fail2ban. Maybe this could help someone else too:


    Code
    [postfix-dnsblog]
    enabled = true
    port = smtp,465,submission
    logpath = /var/log/mail.log
    maxretry = 10
    bantime = 300

    This bans after 10 dnsblog entries for 300 seconds (5 minutes). And for me it is saving a lot of CPU at the moment :P

    Edited 3 times, last by UncleSam: corrected link ().

  • Additional information:
    After some hours of testing I found a small mistake: dnsblog also logs if it was a whitelist entry. So all in all whitelisted mail servers get banned by this howto too. So this is not the final solution :S
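
The problem described in this post, shown on log lines (an added example, not code from the thread or from the linked howto): counting every dnsblog entry bans a whitelisted server, while skipping entries from whitelist domains does not. It assumes Postfix's `addr ... listed by domain ... as ...` dnsblog line format; the whitelist set, host names and addresses are constructed placeholders.

```python
import re
from collections import Counter

# Line format written by Postfix's dnsblog service to the mail log.
DNSBLOG_RE = re.compile(
    r"postfix/dnsblog\[\d+\]: addr (?P<ip>\S+) "
    r"listed by domain (?P<domain>\S+) as (?P<reply>\S+)"
)

# Assumption: the lists this server scores as whitelists in postscreen.
WHITELIST_DOMAINS = {"list.dnswl.org"}

MAXRETRY = 10  # same threshold as the jail in the first post

# Constructed sample log: 12 blocklist hits for one host, 12 whitelist
# hits for a legitimate server, and one unrelated line.
SAMPLE_LOG = "\n".join(
    [f"Jan 10 12:00:{i:02d} mx postfix/dnsblog[2101]: addr 192.0.2.55 "
     "listed by domain zen.spamhaus.org as 127.0.0.4" for i in range(12)]
    + [f"Jan 10 12:01:{i:02d} mx postfix/dnsblog[2102]: addr 198.51.100.7 "
       "listed by domain list.dnswl.org as 127.0.5.1" for i in range(12)]
    + ["Jan 10 12:02:00 mx postfix/postscreen[2100]: CONNECT from "
       "[203.0.113.9]:4242 to [192.0.2.1]:25"]
)

def count_hits(log_text, skip_whitelists):
    """Count dnsblog entries per client address.

    With skip_whitelists=False every dnsblog line counts, which is what
    a filter matching any dnsblog entry does. The time window (findtime)
    is ignored here to keep the comparison simple.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = DNSBLOG_RE.search(line)
        if not m:
            continue  # not a dnsblog entry
        if skip_whitelists and m["domain"].lower() in WHITELIST_DOMAINS:
            continue  # a whitelist listing is not a failure
        hits[m["ip"]] += 1
    return hits

def would_ban(log_text, skip_whitelists):
    """Addresses whose hit count reaches MAXRETRY."""
    hits = count_hits(log_text, skip_whitelists)
    return sorted(ip for ip, n in hits.items() if n >= MAXRETRY)

if __name__ == "__main__":
    print("all entries counted:", would_ban(SAMPLE_LOG, False))
    print("whitelists skipped: ", would_ban(SAMPLE_LOG, True))
```

In a fail2ban filter the same exclusion can be expressed with an `ignoreregex` that matches the whitelist domains; the domains have to mirror the ones actually configured for postscreen.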

  • @Speddy


    What do you want to tell us with that? The link is the same as in post 1 and the problem still persists: you will also block whitelisted IP addresses.

  • @mrpink


    The link in the first post is mistaken. Therefore, @Speddy has provided the right link ;)


  • Thanks Nuxwin, I meant that.

    My system:

    - Distribution: Debian | Release: 9.13 | Codename: wheezy
    - i-MSCP Version: i-MSCP 1.5.3 | Build: 20181208 | Codename: Ennio Morricone
    - Plugins installed: ClamAV (v. 1.3.0), Mailgraph (v 1.1.1), OpenDKIM (v 2.0.0), SpamAssassin (v 2.0.1)
    - LetsEncrypt (v3.3.0), PhpSwitcher (v 5.0.5), RoundcubePlugins (v 2.0.2), YubiKeyAuth 1.1.0