Before this, a private DNS server was needed to take advantage of the tools that eliminate spam and unauthorized attempts.
Any Virtualmin installation can now fight spam and malware with the new DNS service from DNS0 (dns0.eu, "The European public DNS that makes your Internet safer"), which allows recursive DNS querying.
So now you can use it to eliminate most spam and prevent most malware:
Postfix can be used to block spam mail from blacklisted domains or IPs.
Fail2Ban can be used to protect against brute-force attacks.
This is just a guide and may not work for everyone. Tested with Rocky Linux 8/9.
Just using the new DNS will block bad URLs, avoiding malware:
Webmin > Networking > Network Configuration > Hostname and DNS Client, set DNS servers:
193.110.81.0
185.253.5.0
2a0f:fc80::
2a0f:fc81::
Reboot the server or restart networking.
STOPPING SPAM WITH POSTFIX:
/etc/postfix/main.cf
Using postscreen stops spam just before it enters Postfix, so no log entry will appear for those blocked IPs/mails:
postscreen_access_list = permit_mynetworks
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = smtp.dnsbl.sorbs.net*3,
    mail.bl.blocklist.de*3,
    list.dnswl.org=127.[0..255].[0..255].0*-2,
    list.dnswl.org=127.[0..255].[0..255].1*-4,
    list.dnswl.org=127.[0..255].[0..255].[2..3]*-6
The changes below block spam and write a log entry to maillog (/var/log/maillog on CentOS/Rocky Linux). See below for how to check it. Continuation lines must start with whitespace:
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client dnsbl-1.uceprotect.net,
    reject_rbl_client spam.spamrats.com,
    reject_rbl_client bl.worst.nosolicitado.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client truncate.gbudb.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client noptr.spamrats.com,
    reject_rbl_client dyna.spamrats.com,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client preempt.dnsbl.sorbs.net,
    reject_rbl_client relays.dnsbl.sorbs.net,
    reject_rbl_client fresh30.spameatingmonkey.net,
    reject_rbl_client bl.mailspike.net,
    reject_rbl_client dnsbl.dronebl.org,
    reject_rhsbl_reverse_client dbl.spamhaus.org,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender fresh30.spameatingmonkey.net,
    reject_rhsbl_client fresh30.spameatingmonkey.net,
    reject_rhsbl_sender uribl.spameatingmonkey.net,
    reject_rhsbl_client uribl.spameatingmonkey.net,
    reject_rhsbl_sender urired.spameatingmonkey.net,
    reject_rhsbl_client urired.spameatingmonkey.net,
    reject_rhsbl_reverse_client rhsbl.scientificspam.net,
    reject_rhsbl_sender rhsbl.scientificspam.net,
    permit
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, permit
/etc/postfix/master.cf
Modify the submission line to look like this (the -o lines must be indented so Postfix reads them as part of the same entry):
submission inet n       -       n       -       -       smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=may
    -o smtpd_delay_reject=no
    -o { smtpd_client_restrictions = reject_rbl_client auth.spamrats.com=127.0.0.43, permit }
    -o { smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject }
    -o syslog_name=postfix/submission
/etc/postfix/dnsbl_reply
This file maps the secret lookup name that postscreen queries to the public name shown in reject messages; it only takes effect when main.cf points postscreen_dnsbl_reply_map at it (for example texthash:/etc/postfix/dnsbl_reply) and postscreen_dnsbl_sites lists the secret names.
secret.smtp.dnsbl.sorbs.net smtp.dnsbl.sorbs.net
secret.mail.bl.blocklist.de mail.bl.blocklist.de
secret.noptr.spamrats.com noptr.spamrats.com
STOPPING BRUTE FORCE ATTACKS WITH FAIL2BAN:
(adjust the times, in seconds or minutes, until you find the configuration that works best for you)
/etc/fail2ban/jail.local
[DEFAULT]
ignoreip = yourip another.ip
[sshd]
enabled = true
port = ssh
bantime = 1d
maxretry = 1
[webmin-auth]
enabled = true
port = 10000
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
bantime = 15m
[proftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
[postfix]
enabled = true
mode = aggressive
port = smtp,465,submission
bantime = 10m
logpath = /var/log/maillog
maxretry = 10
findtime = 6h
[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps,submission,465,sieve
#logpath = /var/log/maillog
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
mode = aggressive
maxretry = 10
findtime = 10h
bantime = 10m
[postfix-sasl]
filter = postfix[mode=auth]
enabled = true
port = smtp,465,submission,imap,imaps,pop3,pop3s
bantime = 3h
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 20
findtime = 10h
[postfix-rbl]
enabled = true
port = smtp,465,submission
filter = postfix[mode=rbl]
logpath = /var/log/maillog
bantime = 15m
findtime = 3h
Removing a blocked IP:
In case one of your client IPs is blocked, you can remove it from the banned IPs:
sudo fail2ban-client set dovecot unbanip 8.8.8.8
sudo fail2ban-client set postfix unbanip 8.8.8.8
It is also possible to add a safe IP to Fail2Ban (see ignoreip above):
ignoreip = 127.0.0.1 8.8.8.8
To see blocked emails:
grep -i -E "reject:" /var/log/maillog
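Going one step further than the grep above, here is an added example (not part of the original post) that summarises the DNSBL rejects in maillog by blocklist and by client IP, so you can see which lists are actually doing the work and which hosts keep retrying. It runs against constructed sample log lines written to a temp file; the function names rbl_by_list and rbl_by_ip are my own, and real smtpd/postscreen reject lines have the same shape.

```shell
#!/bin/sh
# Constructed sample maillog lines for an offline demo (not real traffic):
# two smtpd rejects from the same client, one postscreen reject, one normal line.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Mar  3 10:12:01 mail postfix/smtpd[12345]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 Service unavailable; Client host [203.0.113.45] blocked using zen.spamhaus.org; from=<a@example.net> to=<u@example.org> proto=ESMTP helo=<example.net>
Mar  3 10:13:07 mail postfix/postscreen[12300]: NOQUEUE: reject: RCPT from [198.51.100.7]:51234: 550 5.7.1 Service unavailable; client [198.51.100.7] blocked using zen.spamhaus.org; from=<b@example.net>, to=<u@example.org>, proto=ESMTP, helo=<mx.example.net>
Mar  3 10:14:22 mail postfix/smtpd[12346]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 Service unavailable; Sender address [c@spam.example] blocked using dbl.spamhaus.org; from=<c@spam.example> to=<u@example.org> proto=ESMTP helo=<spam.example>
Mar  3 10:15:00 mail postfix/smtpd[12347]: 3A1B2C3D4E: message-id=<ok@example.com>
EOF

# Rejects per blocklist: keep only reject lines and pull the name that
# follows "blocked using", then count occurrences, busiest list first.
rbl_by_list() {
    grep -E 'reject: .*blocked using ' "$1" \
      | sed -E 's/.*blocked using ([^;[:space:]]+).*/\1/' \
      | sort | uniq -c | sort -rn
}

# Rejects per client IP: the first bracketed IPv4 after "RCPT from"
# (smtpd logs "from unknown[ip]", postscreen logs "from [ip]:port").
rbl_by_ip() {
    grep -E 'reject: .*blocked using ' "$1" \
      | sed -E 's/.*RCPT from [^[]*\[([0-9.]+)\].*/\1/' \
      | sort | uniq -c | sort -rn
}

# Point both at /var/log/maillog on a live Rocky Linux box.
rbl_by_list "$SAMPLE_LOG"
rbl_by_ip "$SAMPLE_LOG"
```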
Virtualmin Pro should have a similar setup right away.