PostBlocker
What is PostBlocker?
A daemon that monitors Postfix’s mail log (through a pipe) for incoming connections and, if a given limit has been reached, blocks the IP and removes queued mail that came from that IP.
How does it work?
After various header, blacklist and other checks, incoming mail goes to Postfix’s HOLD queue. PostBlocker sees the connection at the time Postfix is picking it up. It then notes the time the connection was made and starts counting. If an IP makes more than 20 connections per 40 seconds, it is blocked with a firewall rule and all queued mail from that IP is removed. If the 21st connection is made after more than 40 seconds have passed, the counter is reset or the IP is removed from the list. IPs can be whitelisted.
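The counting rule described above, as an added sketch that is not PostBlocker's own code. It assumes standard Postfix smtpd "connect from host[ip]" log lines and takes the arrival time as a number of seconds supplied by the caller; the class and function names are hypothetical, and the firewall rule and queue purge are left to the caller.

```python
import re

LIMIT = 20      # connections allowed per window (value from the page)
WINDOW = 40.0   # window length in seconds (value from the page)
# Assumed log format: standard Postfix smtpd "connect from host[ip]" lines.
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*\[([0-9a-fA-F.:]+)\]")

class ConnectionTracker:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)
        self.seen = {}          # ip -> [time of first counted connection, count]
        self.blocked = set()

    def observe(self, ip, now):
        """Record one connection; return True if this connection triggers a block."""
        if ip in self.whitelist or ip in self.blocked:
            return False
        entry = self.seen.get(ip)
        if entry is None:
            self.seen[ip] = [now, 1]
            return False
        entry[1] += 1
        if entry[1] <= LIMIT:
            return False
        if now - entry[0] > WINDOW:
            self.seen[ip] = [now, 1]   # limit passed, but too slowly: restart the count
            return False
        del self.seen[ip]
        self.blocked.add(ip)           # caller adds the firewall rule and purges the queue
        return True


def process_log(pairs, tracker):
    """Feed (arrival_time, log_line) pairs to the tracker; return newly blocked IPs."""
    newly_blocked = []
    for ts, line in pairs:
        m = CONNECT_RE.search(line)
        if m and tracker.observe(m.group(1), ts):
            newly_blocked.append(m.group(1))
    return newly_blocked


def constructed_sample():
    """Constructed input: a burst of 21, a slow sender of 21, a whitelisted burst."""
    fmt = "Nov  4 12:00:00 mx1 postfix/smtpd[4242]: connect from unknown[%s]"
    burst = [(i * 1.0, fmt % "192.0.2.10") for i in range(21)]     # 21 in 20 s
    slow = [(i * 3.0, fmt % "198.51.100.7") for i in range(21)]    # 21 in 60 s
    trusted = [(i * 0.5, fmt % "203.0.113.5") for i in range(30)]  # whitelisted
    return sorted(burst + slow + trusted)
```

Only the burst sender is blocked: the slow sender's 21st connection arrives 60 seconds after its first, so its counter restarts, and the whitelisted address is never counted.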
Daemon and tools:
- Main daemon (reads log, monitors connections and starts tools, threads)
- Queue release daemon (releases mail after 2 minutes of hold period) - currently runs as a separate daemon. While I’m testing, if Main daemon dies or is stopped, at least the queued mail gets released.
- Queue delete tool (if an IP gets blocked, the Main daemon starts this tool, and all mail in the queue that was received from this IP gets deleted) - will be integrated into the Main daemon later.
- Queue monitor tool (Monitors queue size. With my configuration, if the queue has more than 100-150 messages, it’s a sure sign that something’s wrong. Usually the queue has ~30 messages)
To Do:
- In my configuration I have 3 SMTP servers, so I’m working on ability to share the list of blocked IPs among servers. Also if one just gets blocked, other servers will block that IP too.
- Automatic block release after given days. Or release a block using some web interface.
- Improve Whitelist. (Currently whitelist is a simple array of IPs)
My Servers:
- I’m balancing SMTP connections with DNS. (1 hostname = 3 IP addresses)
- Each server gets about 230k connections per day.
Current release: v0.4a
Release date: 04.11.2008