= Postfix/Fail2ban_against_spammers =

From http://archives.neohapsis.com/archives/postfix/2009-03/0063.html

Spammers might get rejected during the SMTP transaction, but it'd be nice if we could cut them off even earlier. Fail2ban gives us a way to do just that.

----
I use fail2ban with this: {{{
failregex = reject: RCPT from (.*)\[<HOST>\]: (550|554).*(Recipient address rejected: User unknown|Relay access denied)
}}}

Watch for wrapping, as this is all on one line in the `/etc/fail2ban/filter.d/postfix.conf`

I have it set in /etc/fail2ban/jail.conf to block the source IP address for 1 hour after 5 associated maillog entries, and it's been working fine here for quite some time.