Postfix MTA: blocking requests on Postfix (fail2ban)
I see the same non-SMTP requests in my mail log, and I don't know what is missing in order to block these requests. fail2ban is set up and I have configured the jail.local file. How can I block these 6 requests:
Feb 10 10:58:57 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /system_api.php HTTP/1.1
Feb 10 10:58:57 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /c/version.js HTTP/1.1
Feb 10 10:58:58 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /streaming/clients_live.php HTTP/1.1
Feb 10 10:58:58 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /stalker_portal/c/version.js HTTP/1.1
Feb 10 10:58:58 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /client_area/ HTTP/1.1
Feb 10 10:58:59 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /stalker_portal/c/ HTTP/1.1
The jail.local for the postfix configuration looks like this:
[postfix]
# To use another modes set filter parameter "mode" in jail.local:
enabled = true
mode = more
port = smtp,ssmtp,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
bantime = 1000
findtime = 10000
maxretry = 3
maxmatches = %(maxretry)s
bantime.increment = true
bantime.rndtime = 1000
bantime.factor = 1
bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor
bantime.multipliers = 1 2 4 8 16 32 64
bantime.overalljails = true
Why not try defining a fail regex in the conf file, for example:
failregex = 161.35.7.72.*GET.*/system_api.php.*
On checking the output further, the missing part is the <HOST> in the filter, so that fail2ban knows which IP to ban.
The filter now looks like this:
[Definition]
failregex = ^.*\[<HOST>].*system\_api
            ^.*\[<HOST>].*c\/version\.js
            ^.*\[<HOST>].*streaming\/clients
            ^.*\[<HOST>].*client\_area
            ^.*\[<HOST>].*stalker\_portal
datepattern = ^[^\[]*\[({DATE})
              {^LN-BEG}
ignoreregex =
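An offline check of the filter above, added here as an example that is not part of the original post: it runs the page's failregex lines over the six log lines from the question and counts failures per address against maxretry = 3. `HOST_GROUP` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` expansion (an assumption), and the function names are hypothetical.

```python
import re

# Log lines from the question, rebuilt from their common prefix.
PREFIX = ("host postfix/submission/smtpd[5167]: warning: "
          "non-SMTP command from unknown[161.35.7.72]: GET ")
PATHS = [("57", "/system_api.php"), ("57", "/c/version.js"),
         ("58", "/streaming/clients_live.php"), ("58", "/stalker_portal/c/version.js"),
         ("58", "/client_area/"), ("59", "/stalker_portal/c/")]
LOG = [f"Feb 10 10:58:{s} {PREFIX}{p} HTTP/1.1" for s, p in PATHS]

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex lines from the page's filter.
FILTER_WITH_HOST = [
    r"^.*\[<HOST>].*system\_api",
    r"^.*\[<HOST>].*c\/version\.js",
    r"^.*\[<HOST>].*streaming\/clients",
    r"^.*\[<HOST>].*client\_area",
    r"^.*\[<HOST>].*stalker\_portal",
]
# The earlier suggestion with a hard-coded address and no <HOST>.
HARDCODED = [r"161.35.7.72.*GET.*/system_api.php.*"]

def failures_per_host(lines, failregexes):
    """Count matching lines per captured address (None = no host captured)."""
    compiled = [re.compile(rx.replace("<HOST>", HOST_GROUP)) for rx in failregexes]
    hits = {}
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                ip = m.groupdict().get("host")
                hits[ip] = hits.get(ip, 0) + 1
                break  # a line counts as one failure at most
    return hits

def hosts_to_ban(lines, failregexes, maxretry=3):
    """Addresses whose failure count reaches maxretry (3 in the jail above)."""
    counts = failures_per_host(lines, failregexes)
    return sorted(ip for ip, n in counts.items() if ip and n >= maxretry)

if __name__ == "__main__":
    for name, rxs in (("with <HOST>", FILTER_WITH_HOST), ("hard-coded", HARDCODED)):
        print(name, failures_per_host(LOG, rxs), hosts_to_ban(LOG, rxs))
```

On a live system, the `fail2ban-regex` tool performs the same check against the real log and filter file.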