Autofirewall for Linux MTA running postfix

I have written a perl program that protects a Linux MTA running postfix.

The program snifs on /var/log/mail. If a host is doing something wrong/illegal he will be blocked for 24 hours.

Three illegal attemps in 20 minutes triggers a drop action in firewalld.
Sorry for the comments in the script being in danish.


  1. Download the file
  2. Edit user and password for access to mysql in the file.

    # ### MAIN LOOP ###

    # Forbind til database
    $dbh = DBI->connect(“dbi:mysql:$firewalldb”, “USER“, “PASSWD“)
    or die “Kunne ikke forbinde til databasen: $firewalldb\n”;

  3. Edit WAN ip and whitelisted ip ranges:
    my $wanaddr = “aaa.bbb.ccc.ddd”; #/32
    my @whitelist = (“aaa.bbb.ccc”, “aaa.bbb.ddd”); # /24
  4. Get sql definitions file autofirewall.sql and apply it to the autofirewall database.
  5. Do “chmod 555”
  6. Do autofirewall.sql in mysql or MariaDB
  7. Add “*/10 * * * * /path/to/ >> /path/to/logfile” to roots crontab
  8. Your MTA is now ptrotected against brute force attacks.

Update 2016/01/14:

Minor fixes and new function applied that restores the firewall after firewall flush or system reboot.

Update 2024/01/05:

Script changed to use firewallcmd.
Database structure is now on mariadb.