> Postfix Fail2Ban install, Stop those pesky spy bots from filling up log file
post Mar 20 2009, 06:27 PM
This is going to show you how to install Fail2Ban, which is a nice little piece of software (or let's admit it, it's really awesome) that can create iptables rules and remove them automatically based on your
log files. It can be used with postfix (as in this guide) or with vsftpd, ssh, etc. Its config file /etc/fail2ban/jail.conf is quite detailed about this.

So back to the main thing: you've set up your mail server and it's working fine, only authenticated users are able to send mail, you are not an open relay, but still your maillog is full of NOQUEUE junk from
spam bots. The IPs are random, and you come to realize that your maillog is becoming more and more useless; it's hard to find useful stuff amongst all the junk. Well, you need to install Fail2Ban.

Let's begin:

You'll need to have DAG's repo on your CentOS 4.x or 5.x install (I haven't tried other distros, but except for the installation part, the config is the same). If you are using any other distro, you can find the
package here for quite a lot of supported distros.

Add the following two repos to your yum repos list, /etc/yum.repos.d/CentOS-Base.repo.

name=Dag RPM Repostory for Red Hat Enterprise Linux

name=CentOS.Karan.Org-EL$releasever - Stable

Then run the following command to install Fail2Ban:

yum install fail2ban

And now edit the config file /etc/fail2ban/jail.conf, add these lines to enable postfix filtering :

bantime  = 86400


  enabled = true
  filter  = postfix
  action  = iptables[name=SMTP, port=smtp, protocol=tcp]
  logpath = /var/log/maillog
  maxretry= 3

Now start the daemon using the following commands:

chkconfig fail2ban on
/etc/init.d/fail2ban start

bantime is the time the IP is banned for. I have 6 domains here, and my average NOQUEUE messages / min were 400, now it's 30 / min. I've set this to a large value because these IPs are all spam bots.
You need to find the time suited for you; I'd say go for 3600, that is 1 hour, that is not too much.

To see it in action check

There you will see info about blocked IP addresses. Also, by running
iptables -L

you will see fail2ban adding new rules to iptables.

By all means, this is a highly recommended add-on to your defenses even if you are not using postfix.

Robert Becskei

May the source be with us!
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
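
An added example, not part of the original post and not Fail2Ban's own code: a Python sketch of the counting the postfix jail above performs, matching NOQUEUE reject lines in the maillog and flagging an IP once it reaches maxretry = 3. The regex, the 600-second counting window and the log lines are constructed assumptions; the pattern Fail2Ban really uses is the one in /etc/fail2ban/filter.d/postfix.conf.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed pattern for Postfix reject lines; not copied from Fail2Ban's filter.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: ")
MAXRETRY = 3    # maxretry from the jail in the post
FINDTIME = 600  # seconds; assumed counting window, not given in the post

def parse_ts(text, year=2009):
    # syslog timestamps carry no year, so the caller supplies one
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of the reject that reached maxretry within findtime}."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = REJECT.match(line)
        if not m or m["ip"] in bans:
            continue  # not a reject line, or the address is already banned
        ts, hits = parse_ts(m["ts"]), recent[m["ip"]]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > findtime:
            hits.popleft()  # forget rejects older than the window
        if len(hits) >= maxretry:
            bans[m["ip"]] = ts
    return bans

# Constructed sample maillog lines using documentation address ranges.
_REJ = ("Mar 20 {} mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
        "unknown[{}]: 554 5.7.1 <a@example.org>: Relay access denied")
SAMPLE = [
    _REJ.format("18:00:01", "203.0.113.7"),
    _REJ.format("18:00:05", "198.51.100.9"),
    _REJ.format("18:00:09", "203.0.113.7"),
    "Mar 20 18:00:10 mail postfix/smtpd[2101]: connect from unknown[192.0.2.44]",
    _REJ.format("18:00:14", "203.0.113.7"),   # third reject inside the window
    _REJ.format("18:15:30", "198.51.100.9"),  # 925 s after its first reject
    _REJ.format("18:15:40", "198.51.100.9"),
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE).items():
        print(f"ban {ip} at {when}")
```

Running the same function over a copy of a real maillog is a quick way to see how many addresses a given maxretry would ban before enabling the jail.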