Blocking spambots with SCROLLOUT F1 and fail2ban

I assume that you have a fully functional SCROLLOUT F1 installation and you want to add a spambot blocking feature.
Add the following line to /etc/apt/sources.list

deb unstable main

Then run

apt-get update
apt-get -t unstable install fail2ban
cd /etc/fail2ban
cp jail.conf jail.local

Edit jail.local

[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 2
bantime = 7200

Edit /etc/fail2ban/filter.d/postfix.conf

failregex = reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
            reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
            reject: RCPT from (.*)\[<HOST>\]:\d{5}: 550 5.5.1

Then run
service fail2ban restart
To check if it is working run:

fail2ban-client status postfix
iptables -L -n
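
As an added example (not part of the original post and not fail2ban's own code), this Python sketch runs the four failregex patterns over constructed mail.log lines and lists the hosts that reach maxretry. The IPv4-only replacement for fail2ban's <HOST> tag, the sample addresses and the ignoreip entry are assumptions, and findtime is ignored for brevity.

```python
import re
from collections import Counter

# The four failregex lines from postfix.conf. <HOST> is fail2ban's tag for
# the client address; fail2ban expands it before compiling the regex.
FAILREGEX = [
    r"reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1",
    r"reject: RCPT from (.*)\[<HOST>\]:\d{5}: 550 5.5.1",
]
# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]

MAXRETRY = 2                # maxretry from jail.local
IGNOREIP = {"127.0.0.1"}    # assumed ignoreip entry

# Constructed sample lines in the style of /var/log/mail.log.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtpd[811]: connect from unknown[203.0.113.5]
Jan 10 10:00:02 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Relay access denied
Jan 10 10:00:09 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 User unknown
Jan 10 10:01:30 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 450 4.7.1 Helo command rejected
Jan 10 10:02:11 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]:54321: 550 5.5.1 Protocol error
Jan 10 10:03:00 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 User unknown
Jan 10 10:03:05 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 User unknown
"""


def count_failures(log_text):
    """Count failregex matches per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        for pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                hits[match.group("host")] += 1
                break  # one failure per log line
    return hits


def hosts_to_ban(log_text, maxretry=MAXRETRY, ignoreip=IGNOREIP):
    """Hosts that reached maxretry and are not in ignoreip."""
    hits = count_failures(log_text)
    return sorted(h for h, n in hits.items() if n >= maxretry and h not in ignoreip)


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

On the server itself, fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix.conf tests the real filter against the real log before you rely on the jail.
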

You can play with the following parameters:
maxretry, bantime, findtime
Do not forget:

  • always edit jail.local instead of jail.conf (this way you do not risk being locked out if the software is updated)
  • put your trusted IP addresses in ignoreip