Il 06/11/2013 09:46, Ian Evans ha scritto: > About three days into my postfix/postgrey experience after migrating > from qmail. Enjoying it. > > Of course, like a new dad, I'm sitting here watching the logs. For the > last two hours I've been getting "postfix/smtpd: lost connection after > RSET from unknown[x.x.x.x]" from the same IP, apparently in Iceland. > > The hits are coming about every 30 seconds. Safe to assume this is a > spambot/zombie? Any steps to slow it down or is it being rejected > nicely and without too much load on the system besides generating a > huge log? > > Thanks. > > > > If is the only IP that have this problem, i think is safe to presume can be a spambot or something similar. I think the best way to block that IP address is put an Iptables firewalling rule, like:
iptables -I INPUT -s x.x.x.x -j DROP In that way, it can't connect anymore to your SMTP or other system services. Cordially, Claudio.
