postfix 防攻击

大量TIME_WAIT
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

 
vim /etc/sysctl.conf
net.ipv4.tcp_tw_reuse = 1
和
net.ipv4.tcp_tw_recycle = 1
的开启都是为了回收处于TIME_WAIT状态的资源。

单独删除postfix邮件ID
mailq |awk  'BEGIN { RS = "" } /[email protected]/{print $1}' | tr -d '*!' | postsuper -d -
awk  'BEGIN { RS = "" } /@[email protected]/{print $1}'  /tmp/postfix_laji.txt  | tr -d '*!' | postsuper -d -

脚本删除postfix邮件ID
#!/bin/bash
cd /tmp
/usr/sbin/postqueue -p|egrep '[email protected]'|awk '{print $1}' > /postfix_laji.txt
for i in `cat /tmp/queue1.txt`
do
/usr/sbin/postsuper -d $i
done

 

防火墙过滤
#!/bin/bash
LOGFILE="/var/log/maillog"
#统计maillog中authentication failure的IP个数与IP
grep "authentication failure" $LOGFILE|awk '{print $7}'|grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"|sort|uniq -c > /tmp/af_iplist.txt
#取出AF出现大于300次时的IP
awk '$1>300 {print $2}' /tmp/af_iplist.txt > /tmp/block_ip_list.txt
#大于300次AF的IP添加到iptables中
cat block_ip_list.txt|while read line
do
/sbin/iptables -nL | grep $line
if [ $? != 0 ]
then
iptables -I INPUT -s $line -j DROP
fi
service iptables save
service iptables restart
done

 

crontab -e
*/1 * * * *     /bin/bash /tmp/all_clean_postfix.sh
*/1 * * * *     /bin/bash /tmp/ip_iptables.sh
/etc/init.d/crond restart
tail -f /var/log/cron