Postfix/Fail2ban_against_spammers

From http://archives.neohapsis.com/archives/postfix/2009-03/0063.html

Spammers might get rejected during the SMTP transaction, but it'd be nice if we could cut them off even earlier. Fail2ban gives us a way to do just that.

I use fail2ban with this:

failregex = reject: RCPT from (.*)\[<HOST>\]: (550|554).*(Recipient address rejected: User unknown|Relay access denied)

Watch for wrapping, as this is all on one line in the /etc/fail2ban/filter.d/postfix.conf

I have it set in /etc/fail2ban/jail.conf to block the source IP address for 1 hour after 5 associated maillog entries, and it's been working fine here for quite some time.