efa-project.org

This simple script scan incoming messages each minute,
Only if it found some spam in the last minute it rebuild the ip ban table and pass it to postfix.
this table tell to postfix to reject messages from spam ip, they are ip that recently sent spam without sending some ham

Put attached file postban.sh in a dir (example /batch/postban.sh)
chmod 777 /batch/postban.sh
Put in root cron a line that execute this script every minute :
* * * * * /batch/postban.sh > /dev/null
Modify your main.cf in postfix at this line like here and then postfix reload :
smtpd_client_restrictions = (OTHER YOUR PARAMETERS) check_client_access hash:/etc/postfix/postban_access
Set your ROOTPWD of your mysql server in postban.sh Parameters section
Set your RJMESSAGE in postban.sh Parameters section
Optionally set other parameters in postban.sh Parameters section
You can see working in /batch/postban.log

after double checking seems only this part is new from the last version: S0 - right?

Also, how do I edit this: if I only run my cron job say every 5 minutes as opposed to your setting of every minute?

The script run every 1 minute to catch immediately new spam attack
note that every minute it check for spam in the last minute, if no spam found it doesnt rebuild the table

as I said, my cron job runs every 5 minutes. But I have now changed it to every minute as you recommended.

in case in mailscanner indicates several IP address how does the script? is it blocks all the IP addresses? or only one?

wilbourne wrote:in case in mailscanner indicates several IP address how does the script? is it blocks all the IP addresses? or only one?

The script is self explaining, it extracts all IPs which correspond to the values you gave it then blocks all those IPs on MTA level.

thank's