From: Fabian W. <fa...@we...> - 2013-12-02 22:51:17
Hello Cristian

On 29.10.2013 13:46, Cristian Mammoli wrote:
> Hi, I'm using this tool
> http://www.gufonero.com/postfix/check_auth_log.html to parse postfix logs.
>
> It's a tool to limit damages done by spammers using stolen smtp credentials.
> The tool works but is slow and inefficient. I already have fail2ban in
> place, is it possible to configure it for the same purpose?

I have created something like this in fail2ban by calling a script from the
action (custom action). It does not quite do what you are asking, but it can
take actions only if the source IP address is from a foreign country (based on
whois output). I have two different actions, one does just ban like regular
f2b, and the other one would disable SMTP accounts. I have published it at [1],
maybe it may inspire you to use this idea and adapt it for Postfix.

[1] http://www.wenks.ch/fabian/fail2ban/action-with-script.html

bye
Fabian
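
The idea described in the message above (a script called from a fail2ban action that acts only when whois places the source IP in a foreign country), as an added example that is not the script published at the linked page. `HOME_CC`, the function names, the "ban-only" handling of an unknown country and the sample whois replies are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the script published at wenks.ch. HOME_CC, the function
# names and the "ban-only" policy for unknown countries are assumptions.
HOME_CC="${HOME_CC:-CH}"

# Print the first two-letter country code found in whois text on stdin.
# Field case differs per registry ("country:" vs "Country:").
whois_country() {
    awk -F: '
        tolower($1) == "country" {
            gsub(/[ \t\r]/, "", $2)
            cc = toupper($2)
            if (cc ~ /^[A-Z][A-Z]$/) { print cc; found = 1; exit }
        }
        END { if (!found) print "UNKNOWN" }'
}

# $1 = whois text. Prints "skip" (home country), "act" (foreign country) or
# "ban-only" (no country field: block the IP, leave the account alone).
decide() {
    cc=$(printf '%s\n' "$1" | whois_country)
    case "$cc" in
        "$HOME_CC") echo skip ;;
        UNKNOWN)    echo ban-only ;;
        *)          echo act ;;
    esac
}

# Constructed whois replies (documentation address ranges).
SAMPLE_RIPE='% constructed sample
inetnum:        192.0.2.0 - 192.0.2.255
country:        ch'
SAMPLE_ARIN='NetRange:       198.51.100.0 - 198.51.100.255
Country:        US'
SAMPLE_NONE='% No entries found'

# Called from a fail2ban action with the offending address as $1.
if [ "$#" -ge 1 ]; then
    case "$1" in
        ''|-*|*[!0-9A-Fa-f.:]*) echo "refusing odd address: $1" >&2; exit 2 ;;
    esac
    decide "$(whois "$1")"
fi
```

In a fail2ban action file the script would be invoked from `actionban` with the `<ip>` tag as its argument, and the caller branches on the printed word.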