Hello everyone,

Is there a way to detect, on the fly, spam attacks like the one pasted below (maillog)? It seems pf max-src-conn-rate takes into account only the "connected" event.
I obscured the recipients. Basically sorted addresses of the same target Chinese host.

Nov 26 05:59:42 server smtpd[55880]: 3bcc430eee258cd7 smtp event=connected address=119.141.24.19 host=119.141.24.19
Nov 26 05:59:46 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<???????@*.com>" result="550 Invalid recipient"
Nov 26 05:59:49 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<???????@*.com>" result="550 Invalid recipient"
Nov 26 05:59:50 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<???????@*.com>" result="550 Invalid recipient"
Nov 26 05:59:51 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<???????@*.com>" result="550 Invalid recipient"
Nov 26 05:59:52 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<???????@*.com>" result="550 Invalid recipient"
Nov 26 05:59:53 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<???????@*.com>" result="550 Invalid recipient"
Nov 26 05:59:53 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<???????@*.com>" result="550 Invalid recipient"
Nov 26 05:59:54 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<???????@*.com>" result="550 Invalid recipient"
[...]
*a hundred or more entries at one-second frequency here*
Nov 26 06:06:55 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<?????@*.com>" result="550 Invalid recipient"
Nov 26 06:06:56 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<?????@*.com>" result="550 Invalid recipient"
Nov 26 06:06:56 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:<?????@*.com>" result="550 Invalid recipient"
Nov 26 06:06:57 server smtpd[55880]: 3bcc430eee258cd7 smtp event=closed address=119.141.24.19 host=119.141.24.19 reason=disconnect
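
One way to catch this pattern from the log itself, as an added example that is not part of the original post: an awk filter that counts rejected RCPT TO commands per smtpd session and prints the source address once a session reaches a limit. The function names, the THRESHOLD value and the sample log lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the post): flag SMTP sessions that pile up rejected
# RCPT TO commands. Reads smtpd maillog lines on stdin and prints each
# offending source address once. THRESHOLD is an assumed tuning value.
THRESHOLD="${THRESHOLD:-5}"

rcpt_offenders() {
    awk -v max="$THRESHOLD" '
    # Return the value of a key=value token on the current line.
    function field(key,    i) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1)
                return substr($i, length(key) + 2)
        return ""
    }
    / smtp event=failed-command / && /command="RCPT TO:/ && /result="550 / {
        sid = $6                       # session id follows "smtpd[pid]:"
        addr = field("address")
        if (++fails[sid] == max && !(addr in seen)) {
            seen[addr] = 1
            print addr
            fflush()                   # hand the address downstream at once
        }
    }
    / smtp event=closed / { delete fails[$6] }   # session ended, drop counter
    '
}

# Constructed sample input using documentation addresses, shaped like the log above.
sample_log() {
    p='Nov 26 06:00:00 server smtpd[1]:'
    r='command="RCPT TO:<user@example.com>" result="550 Invalid recipient"'
    a='address=192.0.2.10 host=192.0.2.10'
    b='address=198.51.100.7 host=198.51.100.7'
    echo "$p aaaa000000000001 smtp event=connected $a"
    for n in 1 2 3 4 5 6; do
        echo "$p aaaa000000000001 smtp event=failed-command $a $r"
    done
    echo "$p bbbb000000000002 smtp event=connected $b"
    echo "$p bbbb000000000002 smtp event=failed-command $b $r"
    echo "$p bbbb000000000002 smtp event=closed $b reason=disconnect"
}

sample_log | rcpt_offenders
```

Fed from `tail -f` on the maillog, each printed address can be handed to pf with `pfctl -t <table> -T add <address>`, where the table name is a placeholder for a table that a block rule in pf.conf refers to.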