On 29-12-2021 11:13, Matus UHLAR - fantomas wrote:
- With smtpd_delay_reject=no, Postfix will log a DNSBL 'reject' in
smtpd_client_restrictions without any sender or recipient information.
That makes it difficult to answer questions about "missing" email.
And when SASL is used with delays set to no, when the first reject
happens, client is out so the very much wanted authentication info is
delayed and that decreases the guessing possibilities extremely low
and makes the attack close to impossible to ever succeed with proper
RBL updating.
fail2ban can to this. you can fill your local dnsbl with that, although I
prefer blocking connection from those IPs at firewall level.
I am guessing you use fail2ban to block those IP's at firewall level. So
fail2ban is not a bad place to start in any case, it can take care of both.
