On Fri, 30 Sep 2016 06:26:35 -0400
Postfix User <postfix-u...@seibercom.net> wrote:

> Postfix-3.2-20160917 with FreeBSD-11.0 /64 bit
> 
> Lately, I have been finding the following entries in the maillog:
> 
> 13643:Sep 30 02:00:40 scorpio postfix/smtpd[83056]: warning: hostname
> ip-address-pool-xxx.fpt.vn does not resolve to address 118.71.251.67:
> hostname nor servname provided, or not known 13822:Sep 30 02:00:40
> scorpio postfix/smtpd[83056]: connect from unknown[118.71.251.67]
> 13904:Sep 30 02:00:41 scorpio postfix/smtpd[83056]: disconnect from
> unknown[118.71.251.67] helo=1 auth=0/1 quit=1 commands=2/3

This will pull these hackers off your maillog.
bzgrep -e auth=0/1 maillog* | sed 's/.*\[\([^]]*\)\].*/\1/g' >iplist
sort iplist | uniq

I'm going to wait a bit regarding automatically rejecting these
attempts per the method listed in the rest of the thread, but I'd like
to hear a follow-up.

FWIW, I took the list of shady IP addresses and made a table for ipfw
for the ones I'm pretty sure I can block. 
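
A per-address tally of failed AUTH attempts from the same "disconnect" lines, as an added example that is not part of the original message. It counts any auth=X/Y value rather than only auth=0/1; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed SASL attempts per client from Postfix smtpd
# "disconnect" lines. auth=X/Y means X of Y AUTH commands succeeded.

# failed_auth_ips MIN [FILE...]   (hypothetical helper name)
# Prints "failures address" for each client with at least MIN failed
# attempts, most active first. Reads stdin when no FILE is given.
failed_auth_ips() {
    min=$1; shift
    awk -v min="$min" '
        /smtpd\[[0-9]+\]: disconnect from / {
            ip = ""; fails = 0
            for (i = 1; i <= NF; i++) {
                # Client is logged as hostname[address] right after "from".
                if ($i == "from" && ip == "" && match($(i + 1), /\[[^]]*\]$/))
                    ip = substr($(i + 1), RSTART + 1, RLENGTH - 2)
                # A bare auth=N (all succeeded) does not match this pattern.
                if ($i ~ /^auth=[0-9]+\/[0-9]+$/) {
                    split(substr($i, 6), a, "/")
                    fails = a[2] - a[1]
                }
            }
            if (ip != "" && fails > 0) count[ip] += fails
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
Sep 30 02:00:41 mx postfix/smtpd[101]: disconnect from unknown[192.0.2.10] helo=1 auth=0/1 quit=1 commands=2/3
Sep 30 02:03:12 mx postfix/smtpd[102]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/3 commands=1/4
Sep 30 02:05:00 mx postfix/smtpd[103]: disconnect from mail.example.org[198.51.100.7] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Sep 30 02:06:30 mx postfix/smtpd[104]: disconnect from unknown[2001:db8::25] ehlo=1 auth=0/1 quit=1 commands=2/3
Sep 30 02:07:00 mx postfix/smtpd[105]: connect from unknown[192.0.2.10]
Sep 30 02:08:00 mx postfix/smtpd[106]: disconnect from host.example.net[198.51.100.9] ehlo=1 auth=1/2 mail=1 rcpt=1 data=1 quit=1 commands=6/7
EOF
}

# Clients with two or more failed attempts in the sample.
sample_log | failed_auth_ips 2
```

A client that fails once and then logs in (auth=1/2) is counted with one failure, so a threshold above 1 keeps mistyped passwords from legitimate users out of a block list.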
