Mail::MtPolicyd::Plugin::Fail2Ban - mtpolicyd plugin to block an address with fail2ban
This plugin can be used to block an ip with iptable thru the fail2ban daemon.
For more information abount fail2ban read:
This plugin will directly talk to the daemon thru the unix domain socket and execute an banip command:
set <JAIL> banip <IP>
- socket (default: /var/run/fail2ban/fail2ban.sock)
Path to the fail2ban unix socket.
Make sure mtpolicyd is allowed to write to this socket!
- jail (default: postfix)
The jail in which the ip should be banned.
Execute a ban on all client-ips which send a mail with a score of >=15:
<Plugin ScoreBan> module = "ScoreAction" threshold = 15 <Plugin ban-ip> module = "Fail2Ban" socket = "/var/run/fail2ban/fail2ban.sock" jail = "postfix" </Plugin> </Plugin>
To allow mtpolicyd to access fail2ban you must make sure fail2ban can write to the fail2ban unix socket.
chgrp mtpolicyd /var/run/fail2ban/fail2ban.sock chmod g+rwx /var/run/fail2ban/fail2ban.sock
You may want to add this to the fail2ban startup script.
You may want to use the predefined postfix jail. To activate it create /etc/fail2ban/jail.local and enable the postfix fail by setting enabled=true.
[postfix] enabled = true
Markus Benning <firstname.lastname@example.org>
This software is Copyright (c) 2014 by Markus Benning <email@example.com>.
This is free software, licensed under:
The GNU General Public License, Version 2, June 1991