Wednesday, May 27, 2015

How to get all your mail going out of one IP address with POSTFIX

If you have multiple IPs on a server running Postfix (eth0, eth0:0 and so on), chances are you are going to run into the problem of Postfix not sending mail from the IP you set up for mail. By default the Postfix SMTP client lets the kernel pick the source address, which is normally the primary address of the interface, not necessarily the one whose reverse DNS (PTR) record and SPF record match your mail hostname. (The MX record only says where your inbound mail goes; receiving servers judge your outbound mail by the address it actually connects from.)

When this happens, many receiving mail servers will label your mail as spam or reject it outright, because the connecting address does not match what your DNS says about your mail host.

You can force Postfix to send from the main server's IP address by adding the following line to /etc/postfix/main.cf (the IPv6 equivalent is smtp_bind_address6):
smtp_bind_address = 1.1.1.1

*Replace 1.1.1.1 with the public IP of your own server; it is only a placeholder here.
Restart Postfix with /etc/init.d/postfix restart (a plain postfix reload is also enough to pick up a main.cf change).

This might cause mail to back up on the server. smtp_bind_address applies to every Postfix SMTP client, including the one that hands mail to a content filter listening on 127.0.0.1, so those connections now arrive from your public IP instead of from localhost, and any service that only accepts localhost clients will refuse them. Check your mail queue with this:
postqueue -p

If you see mail backing up in that queue with deferral reasons naming 127.0.0.1, a local service is refusing the new source address and you will have to start making some tweaks. If not, then you should be OK.


If you have amavis running on the server, it is the usual culprit: its @inet_acl lists the client addresses it will talk to, and by default that is just localhost. Create the file /etc/amavis/conf.d/60-custom and add the following line, again replacing 1.1.1.1 with your public IP (the files in that directory are Perl, so end the new one with a line containing just 1; like its neighbours). An alternative that leaves amavis alone is to override the bind address on the content-filter transport only, with -o smtp_bind_address=127.0.0.1 on the amavis entry in /etc/postfix/master.cf.
@inet_acl = qw( 127.0.0.1 [::1] 1.1.1.1 );

Restart AMAVIS with /etc/init.d/amavis restart

Now check the Postfix queue with postqueue -p again. If there is any mail still there, try flushing it out with postqueue -f, then recheck it after a couple of seconds with postqueue -p. It should be all gone now.
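The whole procedure as one script, added here as an example and not part of the original post. It uses postconf -e and postfix reload instead of editing main.cf by hand, writes the amavis override only if the queue actually shows deferrals against 127.0.0.1, and the queue check is a function you can run on its own. PUBLIC_IP is a placeholder from the documentation range and the sample postqueue -p output is constructed for testing; everything else is the same paths and commands the post uses.

```shell
#!/bin/sh
# Added example (not from the original post): bind outbound SMTP to the public
# IP, then check whether the queue is backing up on localhost connections and
# fix amavis only if it is. Usage: ./bind-fix.sh apply | check
set -eu

PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"        # assumed placeholder (RFC 5737 range); replace
AMAVIS_CONF="/etc/amavis/conf.d/60-custom"    # path used in the post

# Constructed sample of 'postqueue -p' output: one message deferred because the
# connection to the content filter on 127.0.0.1 failed, one deferred by a remote host.
SAMPLE_QUEUE='-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
1A2B3C4D5E*    1234 Wed May 27 10:00:00  sender@example.com
(connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
                                         recipient@example.net
9F8E7D6C5B     2048 Wed May 27 10:01:00  sender@example.com
(host mx.example.net[198.51.100.5] said: 450 4.7.1 try again later)
                                         other@example.net

-- 3 Kbytes in 2 Requests.'

# Count queue entries whose deferral reason (the parenthesised line under the
# queue id) mentions a 127.0.0.1 connection. Reads 'postqueue -p' output on
# stdin and prints the count (0 when nothing matches).
count_localhost_deferrals() {
    grep -c '^(.*127\.0\.0\.1' || true
}

# Same check against the constructed sample, so it can be tested without Postfix.
count_in_sample() {
    printf '%s\n' "$SAMPLE_QUEUE" | count_localhost_deferrals
}

# Step 1: bind the SMTP client to the public IP and reload Postfix.
apply_bind_address() {
    postconf -e "smtp_bind_address = $PUBLIC_IP"
    postfix reload
}

# Step 2: if mail now sits in the queue failing against 127.0.0.1, a localhost
# service (amavis) is refusing the new source address; return 1 so the caller
# can fix it.
check_queue() {
    n=$(postqueue -p | count_localhost_deferrals)
    if [ "$n" -gt 0 ]; then
        echo "$n message(s) deferred on 127.0.0.1 connections" >&2
        return 1
    fi
    echo "no localhost deferrals in queue"
}

# Step 3: let amavis accept connections arriving from the public IP.
allow_in_amavis() {
    cat > "$AMAVIS_CONF" <<EOF
use strict;
@inet_acl = qw( 127.0.0.1 [::1] $PUBLIC_IP );
1;  # ensure a defined return, like the other files in conf.d
EOF
    /etc/init.d/amavis restart
}

case "${1:-}" in
    apply) apply_bind_address
           check_queue || { allow_in_amavis; postqueue -f; sleep 5; check_queue; } ;;
    check) check_queue ;;
    *)     : ;;   # no argument: only define the functions
esac
```

Run it with apply once; afterwards check on its own tells you whether anything is still stuck on localhost, which is also a handy thing to wire into a cron job on a box that has other services talking to Postfix over 127.0.0.1.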

Thursday, May 14, 2015

Keeping the Botters, China and miscreants away.

On a daily basis I go through my Fail2Ban mail folder to see who has been "ding-dong ditching" the server, or whatever the term of the day is.

My Fail2Ban is set up to send me mail every time it bans an IP, and I run a mail filter to move those messages to a separate folder of the same name. Repeat offenders get the firewall treatment.

I end up using iptables to block the repeat offenders outright. They are just wasting your precious resources.

This is what I use so far:

iptables -I INPUT -m iprange --src-range 107.160.0.0-107.160.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 111.72.0.0-111.79.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 114.96.0.0-114.103.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 120.192.0.0-120.255.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 121.254.128.0-121.254.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 163.177.0.0-163.177.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 183.0.0.0-183.63.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 185.60.229.0-185.60.229.255 -j DROP
iptables -I INPUT -m iprange --src-range 187.1.16.0-187.1.31.255 -j DROP
iptables -I INPUT -m iprange --src-range 189.213.72.1-189.213.79.254 -j DROP
iptables -I INPUT -m iprange --src-range 194.63.142.0-194.63.142.255 -j DROP
iptables -I INPUT -m iprange --src-range 219.234.174.0-219.234.174.191 -j DROP
iptables -I INPUT -m iprange --src-range 222.184.0.0-222.191.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 27.255.64.0-27.255.95.255 -j DROP
iptables -I INPUT -m iprange --src-range 59.99.0.0-59.99.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 60.166.0.0-60.175.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 61.176.0.0-61.176.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 80.82.64.0-80.82.79.255 -j DROP
iptables -I INPUT -m iprange --src-range 81.17.88.0-81.17.95.255 -j DROP
iptables -I INPUT -m iprange --src-range 89.248.174.0-89.248.174.127 -j DROP
iptables -I INPUT -m iprange --src-range 93.174.88.0-93.174.95.255 -j DROP
iptables -I INPUT -m iprange --src-range 192.99.0.0-192.99.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 122.228.228.0-122.228.228.15 -j DROP

This has reduced my Fail2Ban folder from 45+ emails a day to 10 at most.

I still get the occasional flurry, but you firewall the IP range and you're done. Two things to keep in mind: rules added with iptables -I live only in the running kernel and are gone after a reboot unless you save them (iptables-save) and restore them at boot, and several of the ranges above are whole /10 or /16 allocations, so a mail server that drops them also drops legitimate mail from anyone in those networks; if that matters to you, restrict the rule to the attacked port with -p tcp --dport instead of dropping everything.
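As the list grows, a long row of iptables -I one-liners gets hard to maintain, so here is an added example (not the post's own script) that keeps the ranges in a file and loads them into their own chain, which can be flushed and refilled without disturbing the rest of INPUT. The file path, the chain name BLOCKLIST and the iptables-persistent save path are assumptions, and the ranges in the sample are a constructed subset of the ones above.

```shell
#!/bin/sh
# Added example, not from the original post: load repeat-offender ranges from a
# file into a dedicated chain. Usage: ./blocklist.sh render | load
set -eu

BLOCKLIST_FILE="${BLOCKLIST_FILE:-/etc/blocklist/ranges.txt}"   # assumed location
CHAIN="${CHAIN:-BLOCKLIST}"                                     # assumed chain name

# Constructed sample of the file format: one "first-last" range per line,
# blank lines and '#' comments ignored.
SAMPLE_RANGES='# repeat offenders seen in the fail2ban folder
107.160.0.0-107.160.255.255
185.60.229.0-185.60.229.255

219.234.174.0-219.234.174.191   # trailing comments are allowed too
'

# Accept only dotted-quad IPv4 ranges; anything else is a typo that would make
# iptables abort half way through the load.
valid_range() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}-([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Read ranges from stdin and print one iptables command per range. Nothing is
# executed here, so the output can be reviewed or diffed before loading.
render_rules() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' | while IFS= read -r range; do
        if valid_range "$range"; then
            printf 'iptables -A %s -m iprange --src-range %s -j DROP\n' "$CHAIN" "$range"
        else
            printf 'skipping malformed range: %s\n' "$range" >&2
        fi
    done
}

# Create the chain if missing, flush it, refill it from the file, and make sure
# INPUT jumps to it exactly once (-C checks for an existing rule, so repeated
# loads do not stack duplicate jumps). Needs root and a real iptables.
load_blocklist() {
    iptables -N "$CHAIN" 2>/dev/null || true
    iptables -F "$CHAIN"
    render_rules < "$BLOCKLIST_FILE" | sh -e
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT 1 -j "$CHAIN"
    # Rules do not survive a reboot on their own; save them for iptables-restore.
    iptables-save > /etc/iptables/rules.v4   # assumed path (iptables-persistent layout)
}

case "${1:-}" in
    load)   load_blocklist ;;
    render) render_rules < "$BLOCKLIST_FILE" ;;
    *)      : ;;   # no argument: only define the functions
esac
```

render shows exactly what load would add, which is the step to look at before dropping a whole /10; removing an entry from the file and running load again is then the complete un-ban procedure.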

I can handle sending out 10 abuse mail forwards a day.