I have a postfix mail server.
I'm currently receiving a lot of messages telling me that someone with a certain IP address is trying to access my server, always failing at AUTH LOGIN.
So... I'm kind of tired of receiving these messages. How can I block this IP address from trying to access my server?
I already tried this (and maybe I tried it badly, please correct me if I'm wrong...):
1)
In main.cf
smtpd_client_restrictions = check_client_access hash:/etc/postfix/ip_access
And in ip_access file
ip.address.num.ber REJECT
and after that, run
postmap ip_access
And after restarting the server, it really doesn't work. I still receive annoying messages...
I receive nothing in the logs.
2)
In main.cf
smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/ip_access, check_recipient_access hash:/etc/postfix/ip_access
smtpd_sender_restrictions = check_client_access hash:/etc/postfix/ip_access, check_recipient_access hash:/etc/postfix/ip_access
In ip_access file
ip.address.num.ber 550 we do not accept spam
and after that, run again
postmap ip_access
And restarting the server, I get this at logs:
fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
And also I then stop receiving any messages from any sender, not just this IP address I want to ban...
Any ideas? Thanks!
Since it was written by Wietse Venema, it should be compiled against tcp wrappers - just add the IP to /etc/hosts.deny
For automated response to new probes, have a look at fail2ban.
Fail2Ban
Why not have a look at something like Fail2Ban. It can monitor the log files and block ips based on certain criteria using iptables. This means that Postfix will be left to do what it does best and deliver mail.
You can also use a simple iptables rule:
iptables -I INPUT -s ip_to_block -m tcp -p tcp --dport 25 -j REJECT
If you plan on using Fail2Ban, you may be in the same boat I was in: it's hard to find good info on how to permanently ban IPs. This article was a godsend for me! Fail2Ban: Permanent SSH Bans
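The log-monitoring approach that the Fail2Ban answers describe, sketched as an added example (not part of any answer above and not Fail2Ban's own code): it counts failed SASL logins per client IP in Postfix log lines and prints a rule of the same form as the iptables answer for each IP that crosses a threshold. The log lines are constructed samples using documentation-range addresses, and `max_retry`, `find_time` and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (documentation-range addresses), not from the page.
SAMPLE_LOG = """\
Mar 10 04:12:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Mar 10 04:12:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Mar 10 04:12:40 mail postfix/smtpd[2107]: connect from mx.example.org[198.51.100.7]
Mar 10 04:13:02 mail postfix/smtpd[2107]: warning: mx.example.org[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Mar 10 04:13:30 mail postfix/smtpd[2101]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Mar 10 05:00:00 mail postfix/smtpd[2200]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Mar 10 07:00:00 mail postfix/smtpd[2231]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Mar 10 09:00:00 mail postfix/smtpd[2260]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
"""

# The hostname before [ip] comes from reverse DNS, so only the bracketed IP is trusted.
FAILED_AUTH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\swarning:\s"
    r"\S+\[(?P<ip>[0-9A-Fa-f:.]+)\]:\sSASL\s\S+\sauthentication failed"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return sorted IPs with at least max_retry failures inside one find_time window."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_AUTH.match(line)
        if not m:
            continue
        try:
            ipaddress.ip_address(m["ip"])  # drop anything that is not a real address
        except ValueError:
            continue
        # Syslog timestamps carry no year; a fixed leap year is assumed here.
        failures[m["ip"]].append(datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S"))
    offenders = []
    for ip, times in failures.items():
        times.sort()
        # Sliding window: compare each failure with the one max_retry - 1 later.
        if any(b - a <= find_time for a, b in zip(times, times[max_retry - 1:])):
            offenders.append(ip)
    return sorted(offenders)

def iptables_rules(ips):
    """Format one rule per IP, in the form of the iptables rule quoted on this page."""
    return [f"iptables -I INPUT -s {ip} -m tcp -p tcp --dport 25 -j REJECT" for ip in ips]

if __name__ == "__main__":
    print("\n".join(iptables_rules(find_offenders(SAMPLE_LOG))))
```

The script only prints the rules so they can be reviewed before anything is applied; the slow-rate client (192.0.2.10) and the single failure (198.51.100.7) stay below the threshold.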