Robert Chalmers (Author) wrote on 2020-07-06 15:38:
Such as this one?

Jul 06 08:10:03 www postfix/smtpd[6155]: disconnect from unknown[45.125.65.52] ehlo=1 auth=0/1 quit=1 commands=2/3

So I have anyway written this to find them
sudo grep unknown /var/log/postfix.log | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sort -n | uniq > output.txt

Take out my own network and localhost etc, and put them into pfct’s badguys

auth=0/1 is a different part than unknown

works nicely.

you made a rule for another problem

On 6 Jul 2020, at 14:28, Wietse Venema <wie...@porcupine.org> wrote:

auth=

and reduce grep to one call not 2

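An added example, not part of the thread: one single-pass filter that keys on the `auth=0/N` counter in smtpd `disconnect from` lines instead of on `unknown`, and drops the operator's own prefixes. The function names, the exclusion prefixes and every sample log line except the first (taken from the message above) are constructed for illustration.

```shell
#!/bin/sh
# failed_auth_ips (hypothetical helper): reads Postfix smtpd log lines on stdin
# and prints, once each, the IPv4 address of every client whose session ended
# with zero successful AUTH commands (auth=0/N).
# Arguments: address prefixes to leave out (own network, localhost).
failed_auth_ips() {
    awk -v skip="$*" '
    BEGIN { n = split(skip, pfx, " ") }
    # Only "disconnect from" summaries carry the auth=ok/total counter.
    /postfix\/smtpd\[[0-9]+\]: disconnect from / && / auth=0\/[0-9]+/ {
        # The client is logged as name[address]; take the bracketed part.
        rest = substr($0, index($0, "disconnect from ") + 16)
        lb = index(rest, "["); rb = index(rest, "]")
        if (lb == 0 || rb <= lb) next
        ip = substr(rest, lb + 1, rb - lb - 1)
        # IPv4 only, as in the thread; IPv6 clients are skipped.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        for (i = 1; i <= n; i++)
            if (index(ip, pfx[i]) == 1) next
        if (!(ip in seen)) { seen[ip] = 1; print ip }
    }'
}

# Constructed sample log (first line is the one quoted in the message).
sample_log() {
    cat <<'EOF'
Jul 06 08:10:03 www postfix/smtpd[6155]: disconnect from unknown[45.125.65.52] ehlo=1 auth=0/1 quit=1 commands=2/3
Jul 06 08:11:10 www postfix/smtpd[6160]: connect from unknown[192.0.2.44]
Jul 06 08:11:12 www postfix/smtpd[6160]: disconnect from unknown[192.0.2.44] ehlo=1 quit=1 commands=2
Jul 06 08:12:40 www postfix/smtpd[6171]: disconnect from mail.example.net[203.0.113.9] ehlo=1 auth=0/2 quit=1 commands=2/4
Jul 06 08:13:05 www postfix/smtpd[6180]: disconnect from localhost[127.0.0.1] ehlo=1 auth=0/1 quit=1 commands=2/3
Jul 06 08:14:22 www postfix/smtpd[6191]: disconnect from client.example.org[198.51.100.7] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Jul 06 08:15:30 www postfix/smtpd[6202]: disconnect from unknown[45.125.65.52] ehlo=1 auth=0/1 quit=1 commands=2/3
EOF
}

# Run on the sample, leaving out localhost and a private range.
sample_log | failed_auth_ips 127. 192.168.
```

On the sample, the `unknown` client that never tried AUTH is left out, while the client with a resolvable name and `auth=0/2` is reported.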