Friday, 13 September 2019

Use Fail2Ban to improve security

Fail2Ban is a security tool that bans source IP addresses which repeatedly try to gain unauthorised access to a Linux server. It scans the system and service log files for lines that match a set of "failregex" patterns and, once an address exceeds a configured number of matches within a time window, it inserts a firewall rule that drops traffic from that address for the ban period.

Source: https://www.fail2ban.org/wiki/index.php/Main_Page

Postfix

The Postfix jail checks /var/log/maillog (the path used on RHEL/CentOS; Debian and Ubuntu log to /var/log/mail.log, so adjust logpath in the jail accordingly). The filter file is /etc/fail2ban/filter.d/postfix.conf. Because a package upgrade overwrites that .conf file, it is safer to put local additions in /etc/fail2ban/filter.d/postfix.local, which Fail2Ban reads on top of the .conf.

Open Relay

To ban hosts that probe the server for an open relay (Postfix already rejects these attempts with "Relay access denied", but a source that keeps probing should be banned), look for lines like these in the log:

Sep 12 15:00:06 xxx postfix/smtpd[12025]: NOQUEUE: reject: RCPT from unknown[185.208.211.112]: 454 4.7.1 <martinlujan997@gmail.com>: Relay access denied; from=<united@ctinets.com> to=<martinlujan997@gmail.com> proto=ESMTP helo=<WIN-7O75RVKC0I6>
Sep 12 15:00:07 xxx postfix/smtpd[11939]: NOQUEUE: reject: RCPT from unknown[185.208.211.112]: 454 4.7.1 <martinlujan997@gmail.com>: Relay access denied; from=<cooper@ctinets.com> to=<martinlujan997@gmail.com> proto=ESMTP helo=<WIN-7O75RVKC0I6>

In the filter file, append the following line under failregex (indented like the existing entries, so it is read as an additional pattern):

^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 <\S*>: Relay access denied;.*$

Here %(__prefix_line)s is the common syslog/daemon prefix defined in filter.d/common.conf and <HOST> is the tag Fail2Ban replaces with its address-matching pattern; the captured address is the one that gets banned. Note that the reply code in the log depends on the Postfix configuration: 454 4.7.1 is the temporary-failure form (for example with soft_bounce = yes), while a default Postfix answers 554 5.7.1 (relay_domains_reject_code), so match the code your server actually emits. Test the pattern against the real log with fail2ban-regex before reloading Fail2Ban, and confirm that the postfix jail is enabled in jail.local.
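The following is an added, stand-alone example (not Fail2Ban's own code and not from the original post) that re-implements what the filter and jail do to the lines above: it expands the failregex by hand, runs it over a constructed set of log lines, and applies Fail2Ban's maxretry/findtime rule to decide which address would be banned. It assumes a simplified stand-in for %(__prefix_line)s and for the <HOST> tag, and it generalises the page's pattern to accept both the 454 4.7.1 and the 554 5.7.1 reply codes. The log lines and addresses (192.0.2.0/24, example.net) are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Simplified stand-in for fail2ban's %(__prefix_line)s (assumption: in real
# fail2ban the timestamp is parsed separately and the prefix comes from
# filter.d/common.conf). Captures the syslog timestamp for the findtime check.
SYSLOG_PREFIX = r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "

# Simplified stand-in for fail2ban's <HOST> tag (assumption).
HOST = r"(?P<host>[\w\-.:]+)"

# The page's failregex, with <HOST> expanded and the reply code generalised
# so both soft-bounce (454 4.7.1) and default (554 5.7.1) rejections match.
RELAY_DENIED = re.compile(
    SYSLOG_PREFIX
    + r"NOQUEUE: reject: RCPT from \S+\[" + HOST + r"\]: "
    + r"[45]54 [45]\.7\.1 <\S*>: Relay access denied;.*$"
)

# Constructed sample log: 192.0.2.10 probes four times (three within
# seconds, one twenty minutes later), 192.0.2.20 once with the 554 code,
# plus two lines that must NOT match (a user-unknown reject and a connect).
SAMPLE_LOG = [
    "Sep 12 15:00:06 mx postfix/smtpd[12025]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <a@example.net>: Relay access denied; from=<x@example.com> to=<a@example.net> proto=ESMTP helo=<WIN-1>",
    "Sep 12 15:00:07 mx postfix/smtpd[12025]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <b@example.net>: Relay access denied; from=<y@example.com> to=<b@example.net> proto=ESMTP helo=<WIN-1>",
    "Sep 12 15:00:08 mx postfix/smtpd[12026]: NOQUEUE: reject: RCPT from mail.example.org[192.0.2.20]: 554 5.7.1 <c@example.net>: Relay access denied; from=<z@example.org> to=<c@example.net> proto=ESMTP helo=<mail.example.org>",
    "Sep 12 15:00:09 mx postfix/smtpd[12025]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <d@example.net>: Relay access denied; from=<x@example.com> to=<d@example.net> proto=ESMTP helo=<WIN-1>",
    "Sep 12 15:00:10 mx postfix/smtpd[12027]: NOQUEUE: reject: RCPT from unknown[192.0.2.30]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in local recipient table; from=<w@example.net> to=<nobody@example.com> proto=ESMTP helo=<probe>",
    "Sep 12 15:00:11 mx postfix/smtpd[12028]: connect from unknown[192.0.2.30]",
    "Sep 12 15:20:00 mx postfix/smtpd[12029]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <e@example.net>: Relay access denied; from=<x@example.com> to=<e@example.net> proto=ESMTP helo=<WIN-1>",
]


def parse_ts(ts, year=2019):
    """Syslog timestamps carry no year; assume one, as fail2ban must."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def matches(lines):
    """Yield (timestamp, host) for every line the failregex matches."""
    for line in lines:
        m = RELAY_DENIED.match(line)
        if m:
            yield parse_ts(m.group("ts")), m.group("host")


def hosts_to_ban(lines, maxretry=5, findtime=600):
    """Apply the jail rule: ban a host once it has maxretry matches whose
    timestamps all fall within a findtime-second window. Returns the hosts
    in the order they would be banned."""
    hits = defaultdict(list)
    banned = []
    for ts, host in matches(lines):
        if host in banned:
            continue  # already banned; fail2ban stops counting it
        window = hits[host]
        window.append(ts)
        # Discard hits that fell out of the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.pop(0)
        if len(window) >= maxretry:
            banned.append(host)
    return banned


if __name__ == "__main__":
    for ts, host in matches(SAMPLE_LOG):
        print(ts, host)
    print("maxretry=3 findtime=600 :", hosts_to_ban(SAMPLE_LOG, 3, 600))
    print("maxretry=4 findtime=600 :", hosts_to_ban(SAMPLE_LOG, 4, 600))
    print("maxretry=4 findtime=3600:", hosts_to_ban(SAMPLE_LOG, 4, 3600))
```

The three runs at the end show why findtime matters: 192.0.2.10 has four matches in total, but only three fall within ten minutes of each other, so with maxretry = 4 it is banned only when findtime is widened to an hour. The 550 "Recipient address rejected" line and the bare connect line are deliberately left unmatched; a filter that caught every reject would also ban legitimate senders who mistype an address.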