Date: Sun, 19 Oct 2008 13:34:57 -0400
From: Sahil Tandon <sahil@tandon.net>
To: freebsd-questions@freebsd.org
Subject: Re: Postfix communicating with IPFW
Message-ID: <20081019173456.GA53615@shepherd>
In-Reply-To: <48FB5F6C.6070205@webrz.net>
References: <48FB5F6C.6070205@webrz.net>

Jos Chrispijn <jos@webrz.net> wrote:

> I recently got attacked with some dsl subscribers of this (imaginary)
> some.net domain.
>
> These subscribers present themselves as [ip address.dynamic.some.net].
> Postfix SMTP server: errors from 66-66-66-166.dynamic.some.net
> [66.66.66.166]
>
> What I would like to do is to generate a some.net list with all these
> dynamic ip addresses and provide them to my ipfw firewall in order to block
> them on the moment that they try to relay a 2nd time thru my server. This
> will cause less process time as it is quicker to send someone home by the
> doorkeeper (ipfw) rather than check his credentials first (Postfix) and
> tell him to get lost.

True, but Postfix can handle these rejects just fine though YMMV depending
on your load and other aspects of your setup to which we aren't privy.

> Is there any way to let postfix 'communicate' with my ipfw firewall?

No, but you can write a script that parses your maillog and accordingly
updates firewall rules. Tools like fail2ban are often mentioned here --
check the archives and adapt as necessary.

--
Sahil Tandon <sahil@tandon.net>
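
An added example, not part of the original message or of any project named in it: one way to write the maillog-parsing script suggested above, in Python. The log lines are constructed, and the ipfw table number 1 and the deny rule shown in a comment are assumptions about the local ruleset.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample maillog (not from the original message). The last line is
# a client embedding a fake reject record in its MAIL command to frame 192.0.2.10.
SAMPLE_LOG = """\
Oct 19 13:01:02 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from 66-66-66-166.dynamic.some.net[66.66.66.166]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.com> to=<a@example.org> proto=SMTP helo=<pc>
Oct 19 13:01:09 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from 66-66-66-166.dynamic.some.net[66.66.66.166]: 554 5.7.1 <b@example.org>: Relay access denied; from=<x@example.com> to=<b@example.org> proto=SMTP helo=<pc>
Oct 19 13:02:30 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from 66-66-66-167.dynamic.some.net[66.66.66.167]: 554 5.7.1 <a@example.org>: Relay access denied; from=<y@example.com> to=<a@example.org> proto=SMTP helo=<pc>
Oct 19 13:03:00 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 554 5.7.1 <a@example.org>: Relay access denied; from=<z@example.net> to=<a@example.org> proto=SMTP helo=<mail>
Oct 19 13:03:05 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 554 5.7.1 <c@example.org>: Relay access denied; from=<z@example.net> to=<c@example.org> proto=SMTP helo=<mail>
Oct 19 13:04:00 mx postfix/smtpd[814]: warning: Illegal address syntax from unknown[203.0.113.9] in MAIL command: <postfix/smtpd[1]: NOQUEUE: reject: RCPT from h.dynamic.some.net[192.0.2.10]: 554 5.7.1 <a@example.org>: Relay access denied; >
"""

# Anchored at the syslog prefix: client-supplied text later in a line (HELO,
# sender, recipient) must never be read as the host[ip] that Postfix recorded.
REJECT_RE = re.compile(
    r"^\w{3} +\d+ [\d:]{8} \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\s\[]+)\[(?P<ip>[0-9A-Fa-f:.]+)\]: 554 \S+ <[^>]*>: Relay access denied;"
)

def offenders(log_text, suffix=".dynamic.some.net", threshold=2):
    """Return IPs under `suffix` rejected for relaying at least `threshold` times."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m or not m.group("host").lower().endswith(suffix):
            continue
        try:
            # Re-parse the address so only a valid IP ever reaches a command line.
            counts[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:
            continue
    hits = [ip for ip, n in counts.items() if n >= threshold]
    return [str(ip) for ip in sorted(hits, key=lambda ip: (ip.version, int(ip)))]

def ipfw_commands(ips, table=1):
    """ipfw commands adding each IP to a lookup table (table number is assumed)."""
    return [f"ipfw -q table {table} add {ip}" for ip in ips]

if __name__ == "__main__":
    # Assumes a ruleset entry such as: ipfw add deny tcp from 'table(1)' to me 25
    print("\n".join(ipfw_commands(offenders(SAMPLE_LOG))))
```

The script only prints the commands, so the list can be reviewed before anything is loaded into the firewall.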