Read your Debian server log and ....


  • awk
  • ipset & iptables

Read your mail log for authentication failures:
Create this bash script or download

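#!/bin/bash
## create by dedetok April 2016
## GNU GPL v3
echo "reading mail log file"
# Print the client field ($7) and the last two fields of each failure line,
# then count identical lines.
awk '(/authentication failure/) { print $7," ",$(NF-1)," ",$(NF)}' /var/log/mail.log | sort | uniq -c | {
  while read -r line1 line2 line3 line4
  do
    # line1 is the count from uniq -c; report clients with 5 or more failures
    if [ "$line1" -ge 5 ]; then
       echo -e "$line1\t$line2 $line3 $line4"
    fi
  done
}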
Create an ipset set for blacklisting SMTP clients:
# ipset create mynetrulessmtpd hash:net
Run the script and populate mynetrulessmtpd:
# ./
reading mail log file
20      unknown[]: authentication failure
840     unknown[]: authentication failure
16      unknown[]: authentication failure
# ipset add mynetrulessmtpd
# ipset add mynetrulessmtpd
# ipset add mynetrulessmtpd
Add the ipset set to the iptables rules:
# iptables -I INPUT -p tcp --match multiport --dports smtp,smtps -m set --match-set mynetrulessmtpd src -j DROP
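
The manual steps above (count the failures, then run ipset add for each address) can be scripted. The following is an added example, not part of the original script: it extracts the bracketed client address from the seventh field, keeps only valid IPv4 addresses because that log text is influenced by the remote client, and prints add lines in the format read by ipset restore. The function names and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original page): build "ipset restore" input
# from the mail log instead of typing each "ipset add" by hand.
SET_NAME=mynetrulessmtpd   # set name used on the page
THRESHOLD=5                # same cut-off as the page's script

# Reads mail log lines on stdin; prints "add <set> <ip>" for every IPv4
# client with at least THRESHOLD authentication failures.
blocklist_from_log() {
  awk -v setname="$SET_NAME" -v min="$THRESHOLD" '
    /authentication failure/ {
      # $7 looks like "unknown[192.0.2.10]:"; take the bracketed part.
      if (match($7, /\[[0-9.]+\]/) == 0) next
      ip = substr($7, RSTART + 1, RLENGTH - 2)
      # Log text is shaped by the remote side: accept strict dotted-quad only.
      if (split(ip, o, ".") != 4) next
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
      count[ip]++
    }
    END {
      for (ip in count)
        if (count[ip] >= min) print "add", setname, ip
    }' | LC_ALL=C sort
}

# Constructed sample log lines (documentation addresses, not real data).
sample_log() {
  fmt='Apr 10 03:10:%02d mail postfix/smtpd[2301]: warning: unknown[%s]: SASL LOGIN authentication failed: authentication failure\n'
  for i in 1 2 3 4 5 6; do printf "$fmt" "$i" 192.0.2.10; done    # 6 failures
  for i in 1 2; do printf "$fmt" "$i" 198.51.100.7; done         # below cut-off
  for i in 1 2 3 4 5; do printf "$fmt" "$i" 999.1.1.1; done      # invalid octet
}

# Prints: add mynetrulessmtpd 192.0.2.10
sample_log | blocklist_from_log
```

To apply the result as root, pipe it into ipset: blocklist_from_log < /var/log/mail.log | ipset -exist restore. The -exist option makes re-adding an address that is already in the set harmless.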