I get a lot of these everyday: May 20 02:04:51 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<163data.com.cn> May 20 02:04:51 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<163data.com.cn> May 20 02:04:52 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<163data.com.cn> May 20 02:04:53 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<163data.com.cn> May 20 02:04:54 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<163data.com.cn> May 20 02:04:55 srv1 postfix/smtpd[9411]: NOQUEUE: reject: RCPT from unknown[218.88.34.12]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<163data.com.cn> how do I stop these people from trying to hack in? How can I stop them by ip? I have fail2ban installed but it does not catch this. Fordwrench
These are no real hack attempts, they just try to deliver email to non existing accounts. Maybe policyd is the solution you are looking for: http://policyd.sourceforge.net/readme.html
