Postfix

fail2ban to reject brute-force spam bots

  • January 29, 2017

Is it wise if I modify the Postfix fail2ban rule from:

failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
       ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
       ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
       ^%(__prefix_line)sNOQUEUE: reject: EHLO from \S+\[<HOST>\]: 504 5\.5\.2 <\S+>: Helo command rejected: need fully-qualified hostname;
       ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
       ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.1\.8 <\S*>: Sender address rejected: Domain not found; from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
       ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$

by adding the following line:

 ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 550 5\.1\.1 .*$

because I am trying to prevent attacks like these:

Jan 27 09:42:02 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <chiquia9p34@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy434808@airoclean.ch> to=<chiquia9p34@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:42:03 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <chiquia@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy434808@airoclean.ch> to=<chiquia@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <michaela9p34@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy878210@camgirl-info.com> to=<michaela9p34@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <michaela@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy878210@camgirl-info.com> to=<michaela@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>

My concern is that it will drop unintentionally misaddressed emails, which should be bounced back to a user who accidentally got the email address wrong.

What do you suggest?

With this kind of thing it is always about finding a balance. A one-off or occasional failure is probably a mistake on the sender's part. Many failures within a short time may indicate that you want to implement a (temporary) ban.

That is why fail2ban has parameters you can use to tune the sensitivity. For example, you can set maxretry and findtime. The maxretry setting is the number of failed attempts allowed within findtime; beyond that number the address is banned.

I would look carefully at the documentation, understand what is going on, and set the parameters appropriately.
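As an added example (not code from the question, the answer, or fail2ban itself), the following dry-runs the proposed 550 5.1.1 line against the question's own log entries and then applies the maxretry/findtime logic the answer describes, so you can see how the two parameters decide whether a host gets banned. The syslog prefix pattern is a simplified stand-in for fail2ban's %(__prefix_line)s, the year 2017 is taken from the post date, and the extra 192.0.2.10 line is constructed to represent a single legitimate typo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's %(__prefix_line)s on a syslog-style
# Postfix line (an assumption here; the real macro accepts more formats).
PREFIX = r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
# The line proposed in the question, with <HOST> expanded to a named group.
FAILREGEX = re.compile(
    PREFIX + r"NOQUEUE: reject: RCPT from \S+\[(?P<host>[0-9a-fA-F.:]+)\]: 550 5\.1\.1 .*$"
)

# Constructed sample log: the four rejects quoted in the question, rejoined
# onto single lines, plus one constructed typo from an unrelated sender.
SAMPLE_LOG = """\
Jan 27 09:42:02 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <chiquia9p34@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy434808@airoclean.ch> to=<chiquia9p34@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:42:03 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <chiquia@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy434808@airoclean.ch> to=<chiquia@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <michaela9p34@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy878210@camgirl-info.com> to=<michaela9p34@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <michaela@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy878210@camgirl-info.com> to=<michaela@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 10:03:11 host1 postfix/smtpd[5120]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 550 5.1.1 <typo@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<alice@example.net> to=<typo@acosonic.com> proto=ESMTP helo=<mail.example.net>
"""


def failures(log_text):
    """Return (timestamp, host) for each line that FAILREGEX matches."""
    hits = []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if m:
            # syslog lines carry no year; 2017 is assumed from the post date
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            hits.append((ts.replace(year=2017), m.group("host")))
    return hits


def hosts_to_ban(hits, maxretry, findtime):
    """Hosts that reach maxretry failures within any findtime-second window."""
    by_host = defaultdict(list)
    for ts, host in hits:
        by_host[host].append(ts)
    window = timedelta(seconds=findtime)
    banned = set()
    for host, times in by_host.items():
        times.sort()
        for i, t in enumerate(times):
            # failures from this host that fall inside [t - findtime, t]
            recent = sum(1 for u in times[: i + 1] if t - u <= window)
            if recent >= maxretry:
                banned.add(host)
                break
    return banned
```

With maxretry=3 the bot above is banned at findtime=3600 but not at findtime=600, because its two bursts are about 13 minutes apart; the single typo from 192.0.2.10 is never banned unless maxretry is 1.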

Source: https://serverfault.com/questions/828921