1 (edited by newzen 2013-05-23 06:19:31)

Topic: **solved** fail2ban not working

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====

Mail server under a heavy attack, 1000 and more in maillog

May 22 14:47:46 mx postfix/smtpd[16453]: connect from unknown[222.79.94.236]
May 22 14:47:46 mx postfix/smtpd[16453]: NOQUEUE: reject: RCPT from unknown[222.79.94.236]: 504 5.5.2 <stuutdjlo>: Helo command rejected: need fully-qualified hostname; from=<ocsoyn@test.35zhanli.com> to=<maryabing@yahoo.com> proto=ESMTP helo=<stuutdjlo>
May 22 14:47:46 mx postfix/smtpd[16453]: lost connection after RCPT from unknown[222.79.94.236]
May 22 14:47:46 mx postfix/smtpd[16453]: disconnect from unknown[222.79.94.236]

How can I block this IP? Tried
#-A INPUT -s 222.79.94.236 -p tcp --destination-port 25 -j DROP
#-A INPUT -s 222.79.94.236 -p tcp --destination-port 587 -j DROP
but it does not work, any idea?

fail2ban is not enabled by default.
Steps.
1.- chkconfig fail2ban on
2.- /etc/init.d/fail2ban start
3.- edit vi /etc/fail2ban/filter.d/postfix.iredmail.conf
4.- add rule reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2 at end of rules
5.- on /etc/sysconfig/iptables
6.- add #-A fail2ban-postfix  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp at end of rules

Hope this is useful for anyone else.
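To check that the failregex from step 4 actually catches the 504 5.5.2 rejects before enabling it, here is an added example (not from the post or from iRedMail/fail2ban) that expands `<HOST>` the way fail2ban 0.8 does, runs the pattern over a few constructed maillog lines modelled on the ones above, and applies a maxretry/findtime window; the maxretry of 5 and findtime of 600 seconds are assumed values, the `203.0.113.9` address is a constructed second client, and the dots in `5.5.2` are escaped here (the post's unescaped version also matches).

```python
import re
from collections import defaultdict
from datetime import datetime

# fail2ban 0.8 replaces <HOST> with this pattern (IPv4, IPv6 or hostname)
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The failregex added to postfix.iredmail.conf in the post (dots escaped)
FAILREGEXES = [r"reject: RCPT from (.*)\[<HOST>\]: 504 5\.5\.2"]

MAXRETRY = 5    # assumed jail setting
FINDTIME = 600  # assumed jail setting, seconds


def compile_failregex(pattern):
    """Expand <HOST> like fail2ban does and compile the pattern."""
    return re.compile(pattern.replace("<HOST>", HOST_RE))


def parse_ts(line, year=2013):
    """Syslog lines carry no year; take it as a parameter."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def find_offenders(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts with >= maxretry matching lines inside any findtime window."""
    regexes = [compile_failregex(p) for p in FAILREGEXES]
    hits = defaultdict(list)  # host -> timestamps of recent matches
    banned = set()
    for line in lines:
        for rx in regexes:
            m = rx.search(line)
            if not m:
                continue
            host, ts = m.group("host"), parse_ts(line)
            recent = [t for t in hits[host] if (ts - t).total_seconds() <= findtime]
            recent.append(ts)
            hits[host] = recent
            if len(recent) >= maxretry:
                banned.add(host)
            break
    return banned


def reject_line(ts, host):
    """Constructed sample line in the shape of the post's maillog entries."""
    return (f"{ts} mx postfix/smtpd[16453]: NOQUEUE: reject: RCPT from unknown[{host}]: "
            "504 5.5.2 <stuutdjlo>: Helo command rejected: need fully-qualified hostname; "
            "from=<x@example.com> to=<y@example.net> proto=ESMTP helo=<stuutdjlo>")


ATTACKER, OTHER = "222.79.94.236", "203.0.113.9"  # OTHER is a constructed address
SAMPLE_LOG = (
    [f"May 22 14:47:46 mx postfix/smtpd[16453]: connect from unknown[{ATTACKER}]"]
    + [reject_line(ts, ATTACKER) for ts in ("May 22 14:47:46", "May 22 14:48:02",
                                            "May 22 14:48:30", "May 22 14:49:01",
                                            "May 22 14:50:12")]
    + [reject_line("May 22 14:47:50", OTHER)]  # one reject only: stays unbanned
)
```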
