Postfix MTA: blocking requests on Postfix (fail2ban)

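I see the same non-SMTP requests in my mail log, and I don't know what is missing so that these requests can be blocked.

fail2ban is set up and I have configured the jail.local file. How can I block these 6 requests: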

Feb 10 10:58:57 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /system_api.php HTTP/1.1
Feb 10 10:58:57 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /c/version.js HTTP/1.1
Feb 10 10:58:58 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /streaming/clients_live.php HTTP/1.1
Feb 10 10:58:58 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /stalker_portal/c/version.js HTTP/1.1
Feb 10 10:58:58 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /client_area/ HTTP/1.1
Feb 10 10:58:59 host postfix/submission/smtpd[5167]: warning: non-SMTP command from unknown[161.35.7.72]: GET /stalker_portal/c/ HTTP/1.1

The jail.local for the postfix configuration looks like this:

[postfix]

# To use another modes set filter parameter "mode" in jail.local:
enabled = true
mode    = more
port    = smtp,ssmtp,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s

bantime  = 1000
findtime  = 10000
maxretry = 3
maxmatches = %(maxretry)s
bantime.increment = true
bantime.rndtime = 1000
bantime.factor = 1
bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor
bantime.multipliers = 1 2 4 8 16 32 64
bantime.overalljails = true

Why not try defining a failregex in the conf file, for example:

failregex = 161.35.7.72.*GET.*/system_api.php.*


For more output checking: the missing part was in the filter, so that fail2ban knows which IP to ban.

The filter now looks like this:

[Definition]
failregex = ^.*\[<HOST>].*system\_api
            ^.*\[<HOST>].*c\/version\.js
            ^.*\[<HOST>].*streaming\/clients
            ^.*\[<HOST>].*client\_area
            ^.*\[<HOST>].*stalker\_portal

datepattern = ^[^\[]*\[({DATE})
              {^LN-BEG}

ignoreregex =
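
The following is an added example, not code from the original posts: it runs the filter's failregex lines over the six requests from the question and shows that one address is captured and reaches maxretry, while a pattern without `<HOST>` gives nothing to ban. The IPv4-only `HOST_GROUP` expansion, the function names, and the last log line are assumptions made for the demonstration.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption; the
# real tag also accepts IPv6 addresses and hostnames).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex lines copied from the filter on this page.
FAILREGEX = [
    r"^.*\[<HOST>].*system\_api",
    r"^.*\[<HOST>].*c\/version\.js",
    r"^.*\[<HOST>].*streaming\/clients",
    r"^.*\[<HOST>].*client\_area",
    r"^.*\[<HOST>].*stalker\_portal",
]
# Pattern from the first reply: fixed address, no <HOST> tag.
HARDCODED = [r"161.35.7.72.*GET.*/system_api.php.*"]

# The six requests from the question, rebuilt with one timestamp and single
# spaces, followed by one constructed line that must not count as a failure.
PREFIX = ("Feb 10 10:58:57 host postfix/submission/smtpd[5167]: warning: "
          "non-SMTP command from unknown[161.35.7.72]: GET ")
PATHS = ["/system_api.php", "/c/version.js", "/streaming/clients_live.php",
         "/stalker_portal/c/version.js", "/client_area/", "/stalker_portal/c/"]
LOG = [PREFIX + p + " HTTP/1.1" for p in PATHS]
LOG.append("Feb 10 10:59:03 host postfix/submission/smtpd[5167]: "
           "connect from unknown[192.0.2.10]")

def compile_filter(patterns):
    """Expand <HOST>; refuse a pattern that cannot yield an address to ban."""
    for p in patterns:
        if "<HOST>" not in p:
            raise ValueError(f"failregex has no <HOST>: {p!r}")
    return [re.compile(p.replace("<HOST>", HOST_GROUP)) for p in patterns]

def count_failures(patterns, lines):
    """Return {address: matching lines}; a line counts once (first rule wins)."""
    rules = compile_filter(patterns)
    hits = Counter()
    for line in lines:
        match = next((m for m in (r.search(line) for r in rules) if m), None)
        if match:
            hits[match.group("host")] += 1
    return hits

def would_ban(hits, maxretry=3):
    """Addresses that reach maxretry (3 in the jail.local above)."""
    return sorted(ip for ip, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    print(would_ban(count_failures(FAILREGEX, LOG)))
```

On a host with fail2ban installed, the `fail2ban-regex` tool performs the same kind of check against the real log and filter file.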