Author: Dan
Date: 29-11-08 22:32
I run pf and spamdb for greylisting. Many hosts get through the greylisting only to have bad DNS. I use postfix and make use of the reject_unknown_client_hostname option in my smtpd_client_restrictions directive. As such, I frequently see mail connections such as this:
Nov 29 00:07:19 nyi postfix/smtpd[85071]: NOQUEUE: reject: CONNECT from unknown[216.226.129.231]: 450 4.7.1 Client host rejected: cannot find your hostname, [216.226.129.231]; proto=SMTP
Today I decided to gather up those IP addresses and trap them in spamdb. They will stay there for 24 hours.
grep "Client host rejected: cannot" /var/log/maillog | awk '{print $10}' | cut -d '[' -f 2 | cut -d ']' -f 1 | sort | uniq | xargs -J % -n 1 sudo spamdb -ta %
Hope that helps. :)
--
Webmaster
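Added example, not part of the original post: a dry-run version of the same harvest that matches only postfix/smtpd reject lines, validates each IPv4 address, skips an allowlist, and prints the spamdb calls instead of running them. The allowlist, function names and log lines are constructed for illustration; skipping IPv6 clients assumes the trap list is IPv4-only.

```shell
#!/bin/sh
# Added example (not the poster's code). Allowlist and log lines are constructed.
ALLOWLIST="192.0.2.10"   # hypothetical: hosts that must never be trapped

# stdin: maillog lines; stdout: unique IPv4 clients rejected for missing rDNS.
extract_trap_ips() {
    awk -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    # Match the daemon and the reject reason, not just the phrase anywhere.
    $5 !~ /^postfix\/smtpd\[[0-9]+\]:$/ { next }
    !/ reject: .* Client host rejected: cannot find your hostname/ { next }
    {
        # Locate the "from host[addr]:" token instead of trusting field 10.
        tok = ""
        for (i = 6; i < NF; i++) if ($i == "from") { tok = $(i + 1); break }
        if (!match(tok, /\[[0-9.]+\]:$/)) next       # skips IPv6 and junk
        ip = substr(tok, RSTART + 1, RLENGTH - 3)
        if (split(ip, o, ".") != 4) next
        for (k = 1; k <= 4; k++)
            if (o[k] !~ /^[0-9]+$/ || length(o[k]) > 3 || o[k] + 0 > 255) next
        if ((ip in skip) || (ip in seen)) next
        seen[ip] = 1
        print ip
    }'
}

# Dry run: print the spamdb call for each address instead of executing it.
trap_commands() {
    extract_trap_ips | while read -r ip; do
        printf 'spamdb -t -a %s\n' "$ip"
    done
}

# Constructed sample input: duplicate, allowlisted, IPv6, foreign daemon, bad octet.
sample_log() {
    cat <<'EOF'
Nov 29 00:07:19 mx postfix/smtpd[85071]: NOQUEUE: reject: CONNECT from unknown[203.0.113.7]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.7]; proto=SMTP
Nov 29 00:08:01 mx postfix/smtpd[85090]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.7]; from=<a@example.org> to=<b@example.net> proto=ESMTP helo=<mail>
Nov 29 00:08:30 mx postfix/smtpd[85091]: NOQUEUE: reject: CONNECT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; proto=SMTP
Nov 29 00:08:45 mx postfix/smtpd[85092]: NOQUEUE: reject: CONNECT from unknown[2001:db8::25]: 450 4.7.1 Client host rejected: cannot find your hostname, [2001:db8::25]; proto=SMTP
Nov 29 00:09:02 mx example-filter[412]: Client host rejected: cannot find your hostname from x[198.51.100.99]:
Nov 29 00:09:10 mx postfix/smtpd[85093]: NOQUEUE: reject: CONNECT from unknown[203.0.113.300]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.300]; proto=SMTP
Nov 29 00:09:30 mx postfix/smtpd[85094]: NOQUEUE: reject: CONNECT from unknown[198.51.100.44]: 450 4.7.1 Client host rejected: cannot find your hostname, [198.51.100.44]; proto=SMTP
EOF
}

sample_log | trap_commands
```

To use it on a live log, feed the maillog to extract_trap_ips and review the printed list before passing any address to spamdb.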