Date: Sun, 19 Oct 2008 13:34:57 -0400
From: Sahil Tandon
To: freebsd-questions@freebsd.org
Subject: Re: Postfix communicating with IPFW
Message-ID: <20081019173456.GA53615@shepherd>
In-Reply-To: <48FB5F6C.6070205@webrz.net>

Jos Chrispijn wrote:

> I recently got attacked with some dsl subscribers of this (imaginary)
> some.net domain.
>
> These subscribers present themselves as [ip address.dynamic.some.net].
> Postfix SMTP server: errors from 66-66-66-166.dynamic.some.net
> [66.66.66.166]
>
> What I would like to do is to generate a some.net list with all these
> dynamic ip addresses and provide them to my ipfw firewall in order to block
> them on the moment that they try to relay a 2nd time thru my server. This
> will cause less process time as it is quicker to send someone home by the
> doorkeeper (ipfw) rather than check his credentials first (Postfix) and
> tell him to get lost.

True, but Postfix can handle these rejects just fine though YMMV depending
on your load and other aspects of your setup to which we aren't privy.

> Is there any way to let postfix 'communicate' with my ipfw firewall?

No, but you can write a script that parses your maillog and accordingly
updates firewall rules. Tools like fail2ban are often mentioned here --
check the archives and adapt as necessary.

--
Sahil Tandon
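
A sketch of the maillog-parsing script suggested above, added here as an example and not part of the original message: it counts Postfix "NOQUEUE: reject" lines per client address for hosts under .dynamic.some.net and emits an ipfw table entry once an address is rejected a second time. Assumptions: the stock Postfix smtpd reject log format, ipfw lookup table 1, and a deny rule that already references that table; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd reject line: "... NOQUEUE: reject: RCPT from host[ip]: 554 ..."
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\s\[]+)\[(?P<ip>[0-9A-Fa-f:.]+)\]: 554 "
)

def offenders(lines, suffix=".dynamic.some.net", threshold=2):
    """Return IPs (first-seen order) with >= threshold rejects from *suffix hosts."""
    hits = Counter()
    for line in lines:
        m = REJECT.search(line)
        if not m or not m.group("host").lower().endswith(suffix):
            continue
        try:
            # Validate the address before it can reach a firewall command.
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue
        hits[ip] += 1
    return [ip for ip, n in hits.items() if n >= threshold]

def ipfw_commands(ips, table=1):
    """Build argv lists (no shell) that add each address to an ipfw table."""
    # Assumed to exist already: ipfw add deny tcp from 'table(1)' to me 25
    return [["ipfw", "table", str(table), "add", ip] for ip in ips]

# Constructed sample log lines, not taken from a real server.
SAMPLE = [
    f"Oct 19 13:30:0{i} mail postfix/smtpd[811]: NOQUEUE: reject: RCPT from {peer}: "
    "554 5.7.1 <a@example.org>: Relay access denied"
    for i, peer in enumerate([
        "66-66-66-166.dynamic.some.net[66.66.66.166]",
        "66-66-66-167.dynamic.some.net[66.66.66.167]",
        "66-66-66-166.dynamic.some.net[66.66.66.166]",
        "mx.example.net[192.0.2.10]",
        "mx.example.net[192.0.2.10]",
    ])
]

if __name__ == "__main__":
    # Print the commands; to apply them, pass each argv to subprocess.run as root.
    for argv in ipfw_commands(offenders(SAMPLE)):
        print(" ".join(argv))
```

The hostname comes from reverse DNS and is only used to select log lines; the value that reaches ipfw is the bracketed client address, and only after it parses as an IP address.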