1 (edited by kempston 2022-01-26 03:25:56)

Topic: How to permanently ban spamming IPs

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.1
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Debian 11
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I would like to implement a method for permanently banning connections from IP addresses that persistently try to deliver spam.  I have a method that works but would appreciate suggestions for something more elegant.

What I'm currently doing, for each IP to be banned, is to insert a firewall rule at an appropriate position:

nft add rule inet filter input position 12 ip saddr x.x.x.x/32 drop

then, to make the ban persistent across reboots, edit /etc/nftables.conf to insert, early in the input chain:

ip saddr x.x.x.x drop

Is there a better way, perhaps using fail2ban?


2

Re: How to permanently ban spamming IPs

I haven't found a better way of doing this, so I'll record the script I'm using in case it's of use to anyone else who wants the ability to ban specific IPs permanently.

First, edit /etc/nftables.conf and insert the following line, just before the "ssh" section:

        include "/etc/nftables.ban"

Then create a script:

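cat << 'EOF' > /usr/local/bin/banip
#!/bin/sh
# Ban one IP address now and record the rule so it survives a reboot.
if [ "$#" -ne 1 ]; then
    echo "Usage: banip IP-address"
    exit 1
fi
# Insert the drop rule into the running ruleset.
if nft add rule inet filter input position 12 ip saddr "$1" drop; then
    # Persist it in the file that /etc/nftables.conf includes.
    echo "ip saddr $1 drop" >> /etc/nftables.ban
fi
EOF
chmod 700 /usr/local/bin/banip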

To ban IP 1.2.3.4 instantly and permanently, just do:

banip 1.2.3.4
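
A hardened variant of the banip script in the post above, added here as an example and not part of the original thread: it rejects anything that is not an IPv4 address (a malformed line in the included file makes nft reject the whole ruleset when it is loaded at boot) and records each address only once. The BAN_FILE and NFT variables and the function names are assumptions for illustration; the rule and "position 12" are taken from the post.

```shell
#!/bin/sh
# Added example: hardened variant of the banip idea from the post above.
# BAN_FILE and NFT are assumed, overridable names so the logic can be tried
# without touching a live firewall, e.g. NFT=true BAN_FILE=/tmp/bans.

BAN_FILE="${BAN_FILE:-/etc/nftables.ban}"
NFT="${NFT:-nft}"

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Apply the ban to the running ruleset, then persist it exactly once.
# Returns 2 on a bad address, 1 if nft refuses the rule, 0 otherwise.
banip() {
    valid_ipv4 "$1" || { echo "banip: not an IPv4 address: $1" >&2; return 2; }
    rule="ip saddr $1 drop"
    # Already recorded: nothing to do, and no duplicate rule in the chain.
    if [ -f "$BAN_FILE" ] && grep -qxF -- "$rule" "$BAN_FILE"; then
        return 0
    fi
    # "position 12" is taken from the post; it depends on the local ruleset.
    "$NFT" add rule inet filter input position 12 ip saddr "$1" drop || return 1
    echo "$rule" >> "$BAN_FILE"
}
```

Because the ban file is only appended to after nft accepts the rule, the live ruleset and the file loaded at boot stay in step.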

3

Re: How to permanently ban spamming IPs

- Banning in the firewall is the most effective solution.
- Another option is to ban the SMTP service with iRedAPD.
  FYI: https://docs.iredmail.org/manage.iredap … blacklists
  It's managed in iRedAdmin-Pro too.