This simple script scan incoming messages each minute,
Only if it found some spam in the last minute it rebuild the ip ban table and pass it to postfix.
this table tell to postfix to reject messages from spam ip, they are ip that recently sent spam without sending some ham
Put attached file postban.sh in a dir (example /batch/postban.sh)
chmod 777 /batch/postban.sh
Put in root cron a line that execute this script every minute :
* * * * * /batch/postban.sh > /dev/null
Modify your main.cf in postfix at this line like here and then postfix reload :
smtpd_client_restrictions = (OTHER YOUR PARAMETERS) check_client_access hash:/etc/postfix/postban_access
Set your ROOTPWD of your mysql server in postban.sh Parameters section
Set your RJMESSAGE in postban.sh Parameters section
Optionally set other parameters in postban.sh Parameters section
You can see working in /batch/postban.log
[postban.sh] new release
-
- Posts: 388
- Joined: 23 Apr 2015 09:45
[postban.sh] new release
- Attachments
-
- postban.zip
- (1.57 KiB) Downloaded 279 times
Re: [postban.sh] new release
after double checking seems only this part is new from the last version: S0 - right?
Also, how do I edit this:
if I only run my cron job say every 5 minutes as opposed to your setting of every minute?
Also, how do I edit this:
Code: Select all
"SELECT count(clientip) \ FROM mailscanner.maillog \ WHERE timestamp > DATE_SUB(now(), INTERVAL 1 MINUTE) \
-
- Posts: 388
- Joined: 23 Apr 2015 09:45
Re: [postban.sh] new release
The script run every 1 minute to catch immediately new spam attack
note that every minute it check for spam in the last minute, if no spam found it doesnt rebuild the table
note that every minute it check for spam in the last minute, if no spam found it doesnt rebuild the table
Re: [postban.sh] new release
as I said, my cron job runs every 5 minutes. But I have now changed it to every minute as you recommended.
Re: [postban.sh] new release
in case in mailscanner indicates several IP address how does the script? is it blocks all the IP addresses? or only one?
Re: [postban.sh] new release
The script is self explaining, it extracts all IPs which correspond to the values you gave it then blocks all those IPs on MTA level.wilbourne wrote:in case in mailscanner indicates several IP address how does the script? is it blocks all the IP addresses? or only one?