I have written a Perl program that protects a Linux MTA running Postfix.
The program sniffs on /var/log/mail. If a host does something wrong or illegal, it is blocked for 24 hours.
Three illegal attempts within 20 minutes trigger a drop action in iptables.
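The blocking rule described above, sketched in Python as an added example (this is not the code of autofirewall.pl). It assumes that an "illegal attempt" is a Postfix SASL authentication failure; the sample log lines are constructed and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=20)    # from the post: three attempts in 20 minutes
THRESHOLD = 3
BLOCK_FOR = timedelta(hours=24)   # from the post: blocked for 24 hours

# Assumption: an "illegal attempt" is a Postfix SASL authentication failure.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/[\w/]+\[\d+\]: "
    r"warning: \S+\[([0-9.]+)\]: SASL \w+ authentication failed")

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
Jan 14 10:00:01 mx postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 14 10:00:40 mx postfix/smtpd[1207]: warning: unknown[198.51.100.9]: SASL PLAIN authentication failed:
Jan 14 10:02:10 mx postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 14 10:04:30 mx postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 14 10:15:00 mx postfix/smtpd[1207]: warning: unknown[198.51.100.9]: SASL PLAIN authentication failed:
Jan 14 10:30:00 mx postfix/smtpd[1207]: warning: unknown[198.51.100.9]: SASL PLAIN authentication failed:
"""

def find_offenders(lines, year=2016):
    """Return {ip: block_expiry} for hosts with THRESHOLD failures inside WINDOW."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        try:  # the address comes from a log line, so validate before use
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:   # drop failures older than the window
            hits.popleft()
        if len(hits) >= THRESHOLD and ip not in blocked:
            blocked[ip] = ts + BLOCK_FOR
    return blocked

def iptables_rules(blocked):
    """Build one DROP rule per host as an argv list, so no shell parses the address."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in sorted(blocked)]
```

On the sample, 203.0.113.5 is blocked after its third failure, while 198.51.100.9 is not, because its three failures span more than 20 minutes.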
Installation:
- Download the file autofirewall.pl
- Edit the user and password for MySQL access in the file.
- Get the SQL definitions file autofirewall.sql
- Do “chmod 555 autofirewall.pl”
- Run autofirewall.sql in MySQL or MariaDB
- Add “*/10 * * * * /sti/til/autofirewall.pl > /sti/til/en/log.fil” to root's crontab
- Your MTA is now protected against brute force attacks.
Update 2016/01/14:
Minor fixes, plus a new function that restores the firewall after a firewall flush or system reboot.