On 11/6/2013 2:46 AM, Ian Evans wrote: > About three days into my postfix/postgrey experience after migrating from > qmail. Enjoying it. > > Of course, like a new dad, I'm sitting here watching the logs. For the last > two hours I've been getting "postfix/smtpd: lost connection after RSET from > unknown[x.x.x.x]" from the same IP, apparently in Iceland. > > The hits are coming about every 30 seconds. Safe to assume this is a > spambot/zombie? Any steps to slow it down or is it being rejected nicely > and without too much load on the system besides generating a huge log?
Zombies try to deliver spam. This looks like SMTP scanner behavior. See: http://www.irongeek.com/i.php?page=backtrack-r1-man-pages/smtpscan You can put a stop to stuff like this with fail2ban. -- Stan
