fail2ban for dnsblog

  • Hello,

    (Attention: please read the following post about whitelisted entries!)

    currently I was under attack from a host which was on a dns blocklist (dnsbl) but was keep on trying with about 20 connections per second. So I decided to do something against it because postscreen blocked it but produced a lot of used cpu power from postscreen as well as fail2ban. Maybe this could help someone else too:

    1. [postfix-dnsblog]
    2. enabled = true
    3. port = smtp,465,submission
    4. logpath = /var/log/mail.log
    5. maxretry = 10
    6. bantime = 300

    This is banning after 10 dnsblog entries for 300 seconds (5 minutes). And for me it is saving a lot of cpu at the moment :P

    Edited 3 times, last by UncleSam: corrected link ().

  • Additional information:
    After some hours of testing I found a small mistake: dnsblog also logs if it was a whitelist entry. So all in all whitelisted mail servers get banned by this howto too. So this is not the final solution :S

  • @Speddy

    What do you want to say us with that? The link is the same as in post 1 and the problem still persist, that you will also block whitelisted IP addresses.

  • @mrpink

    The link in the first post is mistaken. Therefore, @Speddy has provided the right link ;)


  • Thanks Nuxwin I meant that.

    my System :

    - Distribution: Debian | Release: 9.8 | Codename: wheezy
    - i-MSCP Version: i-MSCP 1.5.3| Build: 20181208 | Codename: Ennio Morricone
    - Plugins installed: ClamAV (v. 1.2.1), Mailgraph (v 1.1.1), OpenDKIM (v 1.1.3), PanelRedirect (v 1.1.5) & SpamAssassin (v 1.1.1)
    - LetsEncrypt (v3.3.0), PhpSwitcher (v 4.0.1), RoundcubePlugins (v 2.0.1)