On Mon, Sep 11, 2017 at 10:50:56AM -0400, Kris Deugau wrote:
> @lbutlr wrote:
> > Is there anything more you could do? Not really. If you really
> > want the log lines to go away you could put in a DENY in your
> > hosts table, but if you do that you're going to be doing it A
> > LOT.

Note that hosts_access(5) / tcpd(8) won't be much less than postscreen itself. You'd still have the TCP connection. Also, postscreen here is not linked against libwrap. I'm not sure if Postfix supports it?

> *nod* If there's only one persistent host, it may be worth
> blocking at some higher level (I'm partial to "iptables -j DENY")

<mode=pedant>
There's no native DENY target in iptables. There is "DROP", a built-in target, and "REJECT", a target extension with various options for ICMP rejections to send.
</mode>

> but if the connections aren't resulting in spam actually
> arriving at some mailbox on your system the only "problem" is
> the volume of log data.

Right. Firewall blocking (perhaps via some mechanism like fail2ban + ipset) isn't a bad idea, but it's certainly not necessary.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
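
The fail2ban + ipset approach mentioned in the message, as an added example that is not part of the original post: it counts postscreen rejections per client in constructed log lines and prints the ipset/iptables commands (with the DROP target) instead of running them. The set name `smtp_block`, the threshold and the 24-hour timeout are assumptions.

```shell
#!/bin/sh
# Added example: count postscreen rejections per client, print block commands.
# THRESHOLD, the set name "smtp_block" and the timeout are assumptions.
THRESHOLD=3

# Constructed sample log lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
Sep 11 10:00:01 mx postfix/postscreen[2101]: CONNECT from [192.0.2.10]:40112 to [198.51.100.5]:25
Sep 11 10:00:01 mx postfix/postscreen[2101]: PREGREET 8 after 0.05 from [192.0.2.10]:40112: EHLO x\r\n
Sep 11 10:00:02 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [192.0.2.10]:40112: 550 5.7.1 Service unavailable; client [192.0.2.10] blocked using dnsbl.example; proto=ESMTP
Sep 11 10:00:09 mx postfix/postscreen[2101]: CONNECT from [192.0.2.10]:40377 to [198.51.100.5]:25
Sep 11 10:00:09 mx postfix/postscreen[2101]: PREGREET 8 after 0.04 from [192.0.2.10]:40377: EHLO x\r\n
Sep 11 10:00:15 mx postfix/postscreen[2101]: DNSBL rank 4 for [192.0.2.10]:40377
Sep 11 10:01:30 mx postfix/postscreen[2101]: CONNECT from [203.0.113.7]:51822 to [198.51.100.5]:25
Sep 11 10:01:36 mx postfix/postscreen[2101]: DNSBL rank 2 for [203.0.113.7]:51822
Sep 11 10:02:00 mx postfix/postscreen[2101]: CONNECT from [198.51.100.20]:33010 to [198.51.100.5]:25
Sep 11 10:02:06 mx postfix/postscreen[2101]: PASS NEW [198.51.100.20]:33010
EOF
}

# Read log lines on stdin; print IPv4 clients with >= THRESHOLD rejections.
# CONNECT, PASS and DISCONNECT lines are not counted.
offenders() {
    awk -v min="$THRESHOLD" '
        /postfix\/postscreen\[/ && /(PREGREET|DNSBL rank|NOQUEUE: reject)/ {
            # First "[addr]:port" is the client; the "[pid]: " tag cannot match.
            if (match($0, /\[[0-9.]+\]:[0-9]+/)) {
                ip = substr($0, RSTART + 1)
                sub(/\].*/, "", ip)
                hits[ip]++
            }
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' | sort
}

# Print (do not execute) the commands: one set, one DROP rule, one entry per
# offender. Entries expire after the timeout, so the set does not grow forever.
block_commands() {
    echo "ipset create smtp_block hash:ip timeout 86400 -exist"
    echo "iptables -I INPUT -p tcp --dport 25 -m set --match-set smtp_block src -j DROP"
    offenders | while read -r ip; do
        echo "ipset add smtp_block $ip -exist"
    done
}

sample_log | block_commands
```

Replacing `-j DROP` with `-j REJECT --reject-with tcp-reset` makes the firewall answer with a TCP reset instead of silently discarding the packets.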