Reference: https://kn007.net/topics/postfix-advanced-to-use-fail2ban-defense-attacks/ ; the configuration below is that author's with one rule added.
For installing fail2ban itself, refer to this link.
Add the jail to fail2ban's configuration. Put it in /etc/fail2ban/jail.local rather than editing jail.conf directly: fail2ban reads jail.local as an override of jail.conf, and a package upgrade overwrites jail.conf but leaves jail.local alone. The jail looks like this:
[postfix-ddos]
enabled = true
filter = postfix-ddos
action = iptables-allports[name=MAIL, protocol=all]
logpath = /var/log/maillog
maxretry = 2
findtime = 86400
bantime = 604800

With these values, a client that matches the filter twice (maxretry = 2) within one day (findtime = 86400 seconds) is banned on every port (iptables-allports) for one week (bantime = 604800 seconds). That is deliberately harsh: two of the rules below ("cannot find your hostname" and the anvil connection-rate line) are also triggered by legitimate but misconfigured or busy senders, so list your own networks in ignoreip under [DEFAULT] before enabling the jail. To append the jail in one step:

echo '
[postfix-ddos]
enabled  = true
filter   = postfix-ddos
action   = iptables-allports[name=MAIL, protocol=all]
logpath  = /var/log/maillog
maxretry = 2
findtime = 86400
bantime  = 604800'>>/etc/fail2ban/jail.local

Then create a new file, /etc/fail2ban/filter.d/postfix-ddos.conf, with the filter definitions. Two details matter: the "statistics: max connection rate" line is written by postfix/anvil, not by smtpd, so _daemon has to include anvil or that rule can never match, and anvil ends that line with " at <time>", so the pattern must allow text after the closing parenthesis. The SASL rule uses a scoped (?i:...) group because Python 3.11 and later reject a mid-pattern (?i) flag with "global flags not at the start of the expression"; a fail2ban still running on Python 2 needs the older ((?i)LOGIN|PLAIN|...) spelling instead.

echo '[INCLUDES]

before = common.conf

[Definition]

# anvil is included because the connection-rate statistics line is logged by postfix/anvil
_daemon = postfix/(submission/)?(smtp(d|s)|anvil)

failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
            ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 504 5\.5\.2 .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
            ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
            ^%(__prefix_line)slost connection after \S+ from [^[]*\[<HOST>\]:?$
            ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?i:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$
            ^%(__prefix_line)sstatistics: max connection rate \S+ for \((?:smtp|submission|smtps):<HOST>\) at .*$
            ^%(__prefix_line)swarning: non-SMTP command from [\S\s]*\[<HOST>\]: GET .* HTTP/1\.1$

ignoreregex = lost connection after .* from unknown\[unknown\]$
              authentication failed: Connection lost to authentication server$
              statistics: max connection rate .* for \(\S+:unknown\).*$

[Init]

journalmatch = _SYSTEMD_UNIT=postfix.service'>/etc/fail2ban/filter.d/postfix-ddos.conf

Before restarting, check that the filter compiles and actually matches your log; fail2ban-regex prints, per pattern, how many lines matched and which hosts it extracted:

fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-ddos.conf

Then restart fail2ban for the new jail to take effect:

service fail2ban restart

(or systemctl restart fail2ban on a systemd host). Afterwards, fail2ban-client status postfix-ddos shows the jail's current failure count and banned IP list, and fail2ban-client set postfix-ddos unbanip <IP> releases an address that was banned by mistake.
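As an added example (not part of the original post, and not fail2ban's own code), the following Python script re-implements the matching the jail above performs so it can be run offline: it compiles a subset of the filter's failregex and ignoreregex patterns, runs them over constructed maillog lines, counts failures per client and applies maxretry = 2. The <HOST> tag and the %(__prefix_line)s prefix are simplified stand-ins for fail2ban's own definitions, and the sample log lines and addresses are constructed. It also shows concretely why _daemon must include anvil: the same statistics line is missed when the prefix only names smtpd/smtps.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (fail2ban's own expansion is
# wider); enough for the IPv4/IPv6 literals Postfix writes in brackets.
HOST = r"(?P<host>[\w.:-]+)"

# Simplified stand-in for %(__prefix_line)s from common.conf: optional syslog
# timestamp and hostname, then the daemon tag.  anvil is included on purpose:
# the "statistics: max connection rate" line is logged by postfix/anvil, not by
# smtpd, so a _daemon limited to smtpd/smtps never lets that rule fire.
PREFIX = (r"^(?:\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d \S+ )?"
          r"postfix/(?:submission/)?(?:smtp(?:d|s)|anvil)\[\d+\]: ")

# The page's original _daemon (smtpd/smtps only), kept for comparison.
SMTPD_ONLY_PREFIX = PREFIX.replace("(?:smtp(?:d|s)|anvil)", "smtp(?:d|s)")

ANVIL_RULE = (r"statistics: max connection rate \S+ for "
              r"\((?:smtp|submission|smtps):<HOST>\) at .*$")

# A subset of the filter's failregex; ^%(__prefix_line)s becomes PREFIX at compile time.
FAILREGEX = [
    r"NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: "
    r"cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$",
    r"NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$",
    r"lost connection after \S+ from [^[]*\[<HOST>\]:?$",
    # Scoped (?i:...) rather than a mid-pattern (?i): Python 3.11+ rejects the latter.
    r"warning: [-._\w]+\[<HOST>\]: SASL (?i:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) "
    r"authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$",
    ANVIL_RULE,
    r"warning: non-SMTP command from [\S\s]*\[<HOST>\]: GET .* HTTP/1\.1$",
]

IGNOREREGEX = [
    r"lost connection after .* from unknown\[unknown\]$",
    r"authentication failed: Connection lost to authentication server$",
    r"statistics: max connection rate .* for \(\S+:unknown\).*$",
]


def compile_rules(prefix, patterns):
    return [re.compile(prefix + p.replace("<HOST>", HOST)) for p in patterns]


FAIL_RES = compile_rules(PREFIX, FAILREGEX)
IGNORE_RES = [re.compile(p) for p in IGNOREREGEX]

# Constructed sample maillog lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    "Mar  5 15:55:56 mail postfix/smtpd[1001]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: "
    "450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.10]; "
    "from=<spam@example.net> to=<user@example.com> proto=ESMTP helo=<mx.example.net>",
    "Mar  5 15:55:57 mail postfix/smtpd[1001]: warning: unknown[203.0.113.10]: "
    "SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Mar  5 15:55:58 mail postfix/smtpd[1002]: warning: unknown[198.51.100.7]: "
    "SASL PLAIN authentication failed: authentication failure",
    "Mar  5 15:55:59 mail postfix/smtpd[1002]: lost connection after AUTH from unknown[198.51.100.7]",
    "Mar  5 15:56:00 mail postfix/smtpd[1003]: lost connection after CONNECT from unknown[unknown]",
    "Mar  5 15:56:01 mail postfix/anvil[1004]: statistics: max connection rate 12/60s "
    "for (smtp:192.0.2.55) at Mar  5 15:55:01",
    "Mar  5 15:56:02 mail postfix/smtpd[1005]: warning: non-SMTP command from unknown[192.0.2.55]: GET / HTTP/1.1",
    "Mar  5 15:56:03 mail postfix/smtpd[1006]: warning: unknown[192.0.2.200]: "
    "SASL LOGIN authentication failed: Connection lost to authentication server",
    "Mar  5 15:56:04 mail postfix/smtpd[1007]: 4F3A1B2C3D: client=mail.example.org[192.0.2.9]",
]


def match_line(line, fail_res=FAIL_RES):
    """Return the offending host for one log line, or None when no failregex
    matches or an ignoreregex applies (fail2ban checks them in that order)."""
    for rx in fail_res:
        m = rx.match(line)
        if m:
            if any(ig.search(line) for ig in IGNORE_RES):
                return None
            return m.group("host")
    return None


def count_failures(lines, fail_res=FAIL_RES):
    """Failures per host: the counter fail2ban keeps per jail inside findtime."""
    return Counter(h for h in (match_line(l, fail_res) for l in lines) if h is not None)


def hosts_to_ban(counts, maxretry=2):
    """Hosts whose failure count reached maxretry (the jail above uses 2)."""
    return sorted(h for h, n in counts.items() if n >= maxretry)


def anvil_rule_fires(prefix, line):
    """Whether the connection-rate rule can match `line` under a given daemon prefix."""
    rx = compile_rules(prefix, [ANVIL_RULE])[0]
    return rx.match(line) is not None


if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG)
    for host, n in counts.most_common():
        print(f"{host:16} {n} failure(s)")
    print("ban:", hosts_to_ban(counts))
    print("anvil line matched with anvil in _daemon:  ", anvil_rule_fires(PREFIX, SAMPLE_LOG[5]))
    print("anvil line matched with smtpd-only _daemon:", anvil_rule_fires(SMTPD_ONLY_PREFIX, SAMPLE_LOG[5]))
```

Running it bans 203.0.113.10 (unresolvable hostname plus a SASL failure), 198.51.100.7 (SASL failure plus a dropped AUTH session) and 192.0.2.55 (anvil rate peak plus an HTTP request on port 25), while the unknown[unknown] disconnect and the "Connection lost to authentication server" line are discarded by ignoreregex, exactly as the jail would do; the last two lines show the anvil line matching only when the daemon prefix includes anvil.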
Author: 小欢

Link: Using fail2ban to stop brute-forcing of a Postfix mail service - https://www.xh-ws.com/archives/fail2ban_postfix.html

Copyright: Unless stated otherwise, this is an original article and represents the author's personal views only; copyright belongs to 小欢博客, licensed under the Creative Commons Attribution-ShareAlike 4.0 International license. Please credit the source when reposting!