Postfix
fail2ban: rejecting brute-force spam bots
Would it be wise to modify the Postfix fail2ban rule from:
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
            ^%(__prefix_line)sNOQUEUE: reject: EHLO from \S+\[<HOST>\]: 504 5\.5\.2 <\S+>: Helo command rejected: need fully-qualified hostname;
            ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.1\.8 <\S*>: Sender address rejected: Domain not found; from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
            ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
by adding the following line:
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 550 5\.1\.1 .*$
because I am trying to prevent attacks like this:
Jan 27 09:42:02 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <chiquia9p34@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy434808@airoclean.ch> to=<chiquia9p34@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:42:03 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <chiquia@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy434808@airoclean.ch> to=<chiquia@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <michaela9p34@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy878210@camgirl-info.com> to=<michaela9p34@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <michaela@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy878210@camgirl-info.com> to=<michaela@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
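My concern is that it would drop unintentional, mistaken e-mails, which should be bounced back to users who accidentally mistyped an e-mail address.
What do you suggest?
With this sort of thing you always have to find a balance. A one-off or occasional failure is probably the sender's mistake. Multiple failures in a short time probably indicate something you want to implement a (temporary) ban for.
This is why fail2ban has parameters that can be used to tune its sensitivity. For example, you can set maxretry and findtime. The maxretry setting is the number of failed attempts allowed within findtime; beyond this number, the address is banned.
I would take a good look at the documentation, understand what is happening, and set the parameters appropriately.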
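
Added example (not part of the original question or answer, and not fail2ban's own code): a small Python model of the maxretry/findtime trade-off, run over the four log lines from the question plus one constructed one-off typo from 192.0.2.10. Assumptions: PREFIX and HOST are simplified stand-ins for fail2ban's %(__prefix_line)s and <HOST>, the year 2000 is a filler, and a host counts as banned once maxretry matches fall inside findtime seconds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-ins (assumptions) for fail2ban's %(__prefix_line)s and <HOST>.
PREFIX = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The line proposed in the question, with the two placeholders expanded.
FAILREGEX = re.compile(
    "^" + PREFIX + r"NOQUEUE: reject: RCPT from \S+\[" + HOST + r"\]: 550 5\.1\.1 .*$"
)

# First four lines: from the question. Last line: constructed one-off typo
# sent from a documentation address (192.0.2.10).
SAMPLE_LOG = """\
Jan 27 09:42:02 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <chiquia9p34@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy434808@airoclean.ch> to=<chiquia9p34@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:42:03 host1 postfix/smtpd[3416]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <chiquia@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy434808@airoclean.ch> to=<chiquia@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <michaela9p34@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy878210@camgirl-info.com> to=<michaela9p34@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 09:55:32 host1 postfix/smtpd[4914]: NOQUEUE: reject: RCPT from unknown[109.107.106.180]: 550 5.1.1 <michaela@acosonic.com>: Recipient address rejected: User unknown in virtual alias table; from=<crazy878210@camgirl-info.com> to=<michaela@acosonic.com> proto=ESMTP helo=<[109.107.106.180]>
Jan 27 10:03:17 host1 postfix/smtpd[5120]: NOQUEUE: reject: RCPT from mail.example.org[192.0.2.10]: 550 5.1.1 <jon.doe@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<alice@example.org> to=<jon.doe@example.com> proto=ESMTP helo=<mail.example.org>
"""

def banned_hosts(log, maxretry, findtime):
    """Return hosts with at least `maxretry` matches inside `findtime` seconds."""
    recent = defaultdict(deque)  # host -> match timestamps still inside the window
    banned = []
    for line in log.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue
        # syslog lines carry no year; a fixed filler year keeps parsing unambiguous
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        window = recent[m["host"]]
        window.append(ts)
        # drop matches that have aged out of the findtime window
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

if __name__ == "__main__":
    for maxretry, findtime in ((3, 600), (3, 3600), (1, 600)):
        print(f"maxretry={maxretry} findtime={findtime}: "
              f"{banned_hosts(SAMPLE_LOG, maxretry, findtime)}")
```

The two bursts in the question are about 13 minutes apart, so a 600-second window with maxretry=3 never bans that host, a 3600-second window does, and maxretry=1 also bans the single mistyped recipient.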