> I am working on a spam filter and so I find myself spending a lot more > quality time with mail logs than I used to. One of the things I have noticed > is that I will get a lot of connections that send a HELO command and then > disconnect. Sometimes I get this > repeated several times a minute from the > same IP for hours on end. What is going on here? Should I block these IPs? > Am I being scanned? By what? To what end?
Have you looked into the following postfix directives? smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20
