From: CT on 15 Apr 2010 17:43

I have several boxes that "check" my relay every 40 seconds to
check that the server is up.

After multiple attempts to get the number of checks reduced I would
like to know the preferred way to block specific IP addresses in Postfix.

I have no issue with checks.. but every 40 seconds is ridiculous.

OS : CentOS 5.4
Postfix version: 2.5.1

Thx
Charles

From: Sahil Tandon on 15 Apr 2010 17:51

On Thu, 15 Apr 2010, CT wrote:

> I have several boxes that "check" my relay every 40 seconds to
> check that the server is up.
>
> After multiple attempts to get the number of checks reduced I would
> like to know the preferred way to block specific IP addresses in Postfix.

http://www.postfix.org/postconf.5.html#check_client_access
http://www.postfix.org/access.5.html

--
Sahil Tandon <sahil(a)FreeBSD.org>

From: Stan Hoeppner on 15 Apr 2010 18:16

CT put forth on 4/15/2010 4:43 PM:
> I have several boxes that "check" my relay every 40 seconds to
> check that the server is up.
>
> After multiple attempts to get the number of checks reduced I would
> like to know the preferred way to block specific IP addresses in Postfix.
>
> I have no issue with checks.. but every 40 seconds is ridiculous.

To accomplish the task in Postfix, blocking only SMTP connections from those
IP addresses:

edit: /etc/postfix/main.cf

smtpd_[client/recipient]_restrictions =
    ...
    check_client_access hash:/etc/postfix/blacklist
    ...

# [client/recipient] selection depends on whether you use the "everything
under smtpd_recipient_restrictions" style main.cf layout.

create: /etc/postfix/blacklist

....
1.2.3.4    REJECT
4.3.2.1    REJECT
3.2.1.4    REJECT
....

/$ postmap /etc/postfix/blacklist
/$ postfix reload

Simply eh?

Or to deny all port access from those IPs, if using Linux, use Netfilter:

/$ iptables -I INPUT -s 1.2.3.4 -j DROP
/$ iptables -I INPUT -s 4.3.2.1 -j DROP
/$ iptables -I INPUT -s 3.2.1.4 -j DROP

iptables inputs are non persistent across reboots. Without knowing what
OS/distro you're using, I'll give generic instructions on running this at
system startup instead of rc.* instructions.

As root, create something like /usr/bin/load_iptables.sh and make sure the
execute bit is set.

#! /bin/sh
iptables -I INPUT -s 1.2.3.4 -j DROP
iptables -I INPUT -s 4.3.2.1 -j DROP
iptables -I INPUT -s 3.2.1.4 -j DROP

As root create this crontab entry, usually with "crontab -e":

@reboot /usr/bin/load_iptables.sh

Now all packets from those IPs will be dropped.

Hope this helps.

--
Stan

From: mouss on 15 Apr 2010 19:03

CT wrote:
> I have several boxes that "check" my relay every 40 seconds to
> check that the server is up.
>
> After multiple attempts to get the number of checks reduced I would
> like to know the preferred way to block specific IP addresses in Postfix.
>
> I have no issue with checks.. but every 40 seconds is ridiculous.
>

the first answer is: try to reach their abuse/postmaster.

if you fail, then firewall them. if so, just DROP their traffic (this
will cause more delay on their side). you can also redirect their
traffic to a "slow silly server" ("torture server").

From: groups on 15 Apr 2010 19:30

Stan Hoeppner wrote, On 04/15/2010 05:16 PM:
> CT put forth on 4/15/2010 4:43 PM:
>> I have several boxes that "check" my relay every 40 seconds to
>> check that the server is up.
>>
>> After multiple attempts to get the number of checks reduced I would
>> like to know the preferred way to block specific IP addresses in Postfix.
>>
>> I have no issue with checks.. but every 40 seconds is ridiculous.
>
> To accomplish the task in Postfix, blocking only SMTP connections from those
> IP addresses:
>
> edit: /etc/postfix/main.cf
>
> smtpd_[client/recipient]_restrictions =
>     ...
>     check_client_access hash:/etc/postfix/blacklist
>     ...
>
> # [client/recipient] selection depends on whether you use the "everything
> under smtpd_recipient_restrictions" style main.cf layout.
>
> create: /etc/postfix/blacklist
>
> ...
> 1.2.3.4    REJECT
> 4.3.2.1    REJECT
> 3.2.1.4    REJECT
> ...
>
> /$ postmap /etc/postfix/blacklist
> /$ postfix reload
>
> Simply eh?

<snip>

Stan...

I had run across your suggestion in my searches but figured
I would ask to be sure I was heading down the right path...

These IPs are on my trusted subnets, but what I *wasn't* sure of was
whether, if I did create the blacklist, I would also have to create a
whitelist for my "trusted subnets".

Looks like I don't.. and yes very simple.. I like simple..
since there are only a handful of "top pollers" and
..Exactly what I was looking for..

Syntax follow up question...

1.2.3.4 <tab> REJECT
or
1.2.3.4 <tab><tab> REJECT

Thx
charles
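
An added example, not written by any poster in this thread: a small Python check for the blacklist file from Stan's reply, meant to be run before `postmap`. It reads the access(5) layout, in which the key and the action are separated by any amount of whitespace (the point of the follow-up question above), flags malformed lines, and renders the accepted addresses as the DROP rules from his script. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of the thread's /etc/postfix/blacklist: the
# thread's placeholder addresses, with varied spacing and three faulty lines added.
SAMPLE = (
    "# pollers that would not slow down\n"
    "1.2.3.4\tREJECT\n"
    "4.3.2.1\t\tREJECT\n"
    "3.2.1.4    REJECT polling too often\n"
    "\n"
    "1.2.3.4 REJECT\n"
    "1.2.3.400 REJECT\n"
    "9.9.9.9\n"
)

def parse_access(text):
    """Parse an access(5)-style table; return (entries, problems)."""
    logical = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and logical:
            logical[-1][1] += " " + raw.strip()  # indented line continues the entry
        else:
            logical.append([n, raw.strip()])
    entries, problems = {}, []
    for n, line in logical:
        key, action = (line.split(None, 1) + [""])[:2]  # any run of spaces or tabs
        try:
            # Assumption: full IPv4 keys only, as in the thread; other key forms get flagged.
            ipaddress.IPv4Address(key)
        except ValueError:
            problems.append((n, "not an IPv4 address: " + key))
            continue
        if not action:
            problems.append((n, "no action for " + key))
        elif key in entries:
            problems.append((n, "duplicate key " + key))
        else:
            entries[key] = action
    return entries, problems

def iptables_rules(entries):
    """Render the same addresses as the DROP rules from the thread's script."""
    return ["iptables -I INPUT -s %s -j DROP" % ip for ip in entries]

if __name__ == "__main__":
    ok, bad = parse_access(SAMPLE)
    print(ok, bad, *iptables_rules(ok), sep="\n")
```
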