6 Apr 2013, 8:24 a.m.
Reindl Harald wrote on 2013-04-06 13:18:
> has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs?
yes i have :)
pflogsumm
> i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls
it's simple to make a filter that checks unknown user in postfix logs, it's even more simple if one makes syslog to sql, then postfix can live block that ip that sends to unknown users
> - add the IP to a distributed "iptables-block.sh" and distribute it to any server with a comment and timestamp
> - write an abuse-mail to the ISP
that would be cool, lol :)
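
A sketch of the kind of maillog filter discussed in this thread, added here as an example and not code from either poster. It assumes the stock Postfix smtpd syslog line layout, goes beyond the "unknown user" case by also counting SASL authentication failures, and uses hypothetical function names and a hypothetical threshold of 3.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Apr  6 13:01:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <admin@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<admin@example.org> proto=ESMTP helo=<x>
Apr  6 13:01:03 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <info@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<info@example.org> proto=ESMTP helo=<x>
Apr  6 13:01:04 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <sales@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<sales@example.org> proto=ESMTP helo=<x>
Apr  6 13:02:10 mx1 postfix/smtpd[2107]: warning: unknown[192.0.2.44]: SASL LOGIN authentication failed: authentication failure
Apr  6 13:02:12 mx1 postfix/smtpd[2107]: warning: unknown[192.0.2.44]: SASL LOGIN authentication failed: authentication failure
Apr  6 13:02:14 mx1 postfix/smtpd[2107]: warning: unknown[192.0.2.44]: SASL PLAIN authentication failed: authentication failure
Apr  6 13:03:00 mx1 postfix/smtpd[2110]: connect from mail.example.net[198.51.100.20]
Apr  6 13:03:01 mx1 postfix/smtpd[2110]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.20]: 550 5.1.1 <jon@example.org>: Recipient address rejected: User unknown in local recipient table; from=<b@example.net> to=<jon@example.org> proto=ESMTP helo=<mail.example.net>
"""

# Client is logged as hostname[address]; capture only the address (IPv4 or IPv6).
REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
                    r"\S*?\[([0-9A-Fa-f.:]+)\]: .*User unknown")
SASL = re.compile(r"postfix/smtpd\[\d+\]: warning: \S*?\[([0-9A-Fa-f.:]+)\]: "
                  r"SASL \S+ authentication failed")

def offenders(lines, threshold=3):
    """Return {ip: hits} for clients with at least `threshold` failures."""
    hits = Counter()
    for line in lines:
        for pattern in (REJECT, SASL):
            match = pattern.search(line)
            if match:
                hits[match.group(1)] += 1
                break  # one log line counts once
    return {ip: n for ip, n in hits.items() if n >= threshold}

def report(found):
    """Plain-text body for a notification mail, most active source first."""
    rows = sorted(found.items(), key=lambda kv: (-kv[1], kv[0]))
    return "\n".join(f"{ip}\t{n} failed attempts" for ip, n in rows)

if __name__ == "__main__":
    print(report(offenders(SAMPLE_LOG.splitlines())))
```

The threshold keeps a single mistyped recipient (198.51.100.20 in the sample) out of the report; the output can be piped to a mailer from cron.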