On Fri, 30 Sep 2016 06:26:35 -0400 Postfix User <postfix-u...@seibercom.net> wrote:
> Postfix-3.2-20160917 with FreeBSD-11.0 /64 bit
>
> Lately, I have been finding the following entries in the maillog:
>
> 13643:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: warning: hostname
> ip-address-pool-xxx.fpt.vn does not resolve to address 118.71.251.67:
> hostname nor servname provided, or not known 13822:Sep 30 02:00:40
> scorpio postfix/smtpd[83056]: connect from unknown[118.71.251.67]
> 13904:Sep 30 02:00:41 scorpio postfix/smtpd[83056]: disconnect from
> unknown[118.71.251.67] helo=1 auth=0/1 quit=1 commands=2/3

This will pull these hackers off your maillog.

bzgrep -e auth=0/1 maillog* | sed 's/.*\[\([^]]*\)\].*/\1/g' >iplist
sort iplist | uniq

I'm going to wait a bit regarding automatically rejecting these attempts per the method listed in the rest of the thread, but I'd like to hear a follow-up.

FWIW, I took the list of shady IP addresses and made a table for ipfw for the ones I'm pretty sure I can block.
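
An added example, not part of the original message: the pipeline above matches only the literal auth=0/1, so this sketch generalizes it by reading the auth=<succeeded>/<total> counter on each smtpd "disconnect" line and totalling failed AUTH attempts per client address. The function names failed_auth_clients and sample_log are hypothetical, and the sample lines are constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example. Reads Postfix smtpd log lines on stdin and prints
# "<failed-auth-count> <client-ip>", highest count first.
# Optional $1: minimum number of failures a client needs to be listed.
failed_auth_clients() {
    awk -v min="${1:-1}" '
    /smtpd\[[0-9]+\]: disconnect from / {
        ip = ""; fails = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "from" && i < NF) {
                # Client field is name[addr]; keep only addr.
                ip = $(i + 1)
                ip = substr(ip, index(ip, "[") + 1)
                ip = substr(ip, 1, index(ip, "]") - 1)
            } else if ($i ~ /^auth=[0-9]+\/[0-9]+$/) {
                # auth=S/T: S of T AUTH commands succeeded.
                # A bare auth=T (all succeeded) does not match.
                split(substr($i, 6), n, "/")
                fails = n[2] - n[1]
            }
        }
        if (ip != "" && fails > 0) count[ip] += fails
    }
    END { for (ip in count) if (count[ip] >= min + 0) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
Sep 30 02:00:40 mx postfix/smtpd[100]: connect from unknown[192.0.2.10]
Sep 30 02:00:41 mx postfix/smtpd[100]: disconnect from unknown[192.0.2.10] helo=1 auth=0/1 quit=1 commands=2/3
Sep 30 02:05:02 mx postfix/smtpd[101]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/3 commands=1/4
Sep 30 02:07:13 mx postfix/smtpd[102]: disconnect from mail.example.org[203.0.113.5] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Sep 30 02:09:44 mx postfix/smtpd[103]: disconnect from unknown[198.51.100.7] ehlo=1 auth=1/2 quit=1 commands=3/4
EOF
}

sample_log | failed_auth_clients
```

Against real logs, feed it the same input as the original pipeline, for example bzcat maillog*.bz2 | failed_auth_clients 3, and review the result before loading anything into a firewall table, since a client that mistyped a password once also shows up with a count of 1.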