Suitable port mail reject repeaters
Wesley Shields
wxs at atarininja.org
Thu Oct 4 13:33:51 PDT 2007
On Thu, Oct 04, 2007 at 10:12:31AM -0700, David Southwell wrote:
> Hi
>
> There have been numerous attempts on one server resulting in entries of the
> following type in the log:( [xxxx] is a domain for which we receive mail).)
>
> Oct ?3 07:05:39 dns1 postfix/smtpd[93611]: connect from
> mail.dolbeyco.com[70.61.148.178]
> Oct ?3 07:05:40 dns1 postfix/smtpd[93611]: NOQUEUE: reject: RCPT from
> mail.dolbeyco.com[70.61.148.178]: 450 4.1.1 <Novitsky@[xxxxx]>: Recipient
> address rejected: User unknown in virtual alias table; from=<>
> to=<Novitsky@[xxxxx].com> proto=ESMTP helo=<FRODO.DOLBEY.priv>
> Oct ?3 07:05:40 dns1 postfix/smtpd[93611]: disconnect from
> mail.dolbeyco.com[70.61.148.178]
>
> Where clearly the remote server is hoping to find we are either open to
> relaying messages or probing to find email addresses we will accept.
>
> users with names that do not exist in the virtual alias table are being
> rejected. However the same group of servers seem to keep on repeated failed
> attempts.
>
>
> What I would like to do is after receiving a number of attempts from a such a
> remote server to automatically refuse connections and reduce the log load. I
> believe there is a tool for doing that (say after a remote server has a
> speciofied number of failed attempts). I am sure there is a port that does
> this but cannot find it!!
I prefer grok (sysutils/grok) for automated tasks of this type. It's
_extremely_ powerful and flexible (as opposed to solutions of this type
which work only for a given service, usually ssh).
-- WXS
More information about the freebsd-ports
mailing list