I have set up a working SMTP relay together with MailScanner. This SMTP relay is not — and will not be — able to relay email from the outside, only local email.
We are providing a SMTP relay for our customer so they can get notification from for example their Wordpress site. But sometimes - as you all know, the sites will be hacked and could start spamming emails (10k/ hour). I want to use fail2ban to block a server to do so.
For example: Customers site has been hacked and one of their vhost is spamming alot of emails. Fail2Ban detects the flood and block all trafic on port 25 from that server - and send me a email that "Server B has been blocked due to smtp-flood".
How can this be achieved?
As you use postfix, look at anvil configuration : it allow to limit the connections (without email to you). You can then use fail2ban to read the postfix logs and drop the connection and inform you by mail (look at http://www.postfix.org/postconf.5.html#smtpd_client_connection_rate_limit)
I found out that I can block it with iptables:
If a client send more then 4 emails per minute, it's getting blocked.