This type of lines appear frequently in mail.log Code: Mar 2 13:21:59 server1 postfix/smtpd[13724]: 327182100710: client=postwall04.smp.mweb.co.za[196.28.76.24] Mar 2 13:21:59 server1 postfix/smtpd[13724]: disconnect from postwall04.smp.mweb.co.za[196.28.76.24] Code: Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max connection rate 1/60s for (smtp:110.205.36.26) at Mar 2 13:23:23 Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max connection count 1 for (smtp:110.205.36.26) at Mar 2 13:23:23 Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max message rate 1/60s for (smtp:196.28.76.24) at Mar 2 13:21:58 How can I block such connections?
You can add the IP to your firewall. I´m not sure how you can setup this with your shown log-entries. I use postfix with postscreen and add blocked IPs to the firewall using syslog-ng. This could be done also with rsyslog.
As mentioned above you can´t use these log-lines (just connect and disconnect) with fail2ban. Otherwise you will block EVERY connection. You better give postscreen a try.... http://blog.schaal-24.de/?p=661&lang=en
