Put the IP in your firewall blacklist is what I did, then you don't even see them as they are blocked at the gate. I extracted all such addresses from my logs, sorted them unique, added them to the firewall blacklist. Gone. I know there will always be others, but revenge is sweet .....
-----
From my iPhone.

> On 20 Mar 2016, at 6:11 pm, @lbutlr <krem...@kreme.com> wrote:
>
> I have many thousands of these over the last seven days:
>
> Mar 20 10:45:27 mail postfix/smtpd[19480]: warning: unknown[185.103.253.246]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>
> They are all the exact same, including the UGF… portion.
>
> Mar 20 10:48:34 mail postfix/postscreen[75523]: CONNECT from [185.103.253.246]:61153 to [65.121.55.45]:25
> Mar 20 10:48:34 mail postfix/postscreen[75523]: PASS OLD [185.103.253.246]:61153
> Mar 20 10:48:34 mail postfix/smtpd[19790]: connect from unknown[185.103.253.246]
> Mar 20 10:48:36 mail postfix/smtpd[19683]: warning: unknown[185.103.253.246]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Mar 20 10:48:36 mail postfix/smtpd[19683]: lost connection after AUTH from unknown[185.103.253.246]
> Mar 20 10:48:36 mail postfix/smtpd[19683]: disconnect from unknown[185.103.253.246] ehlo=1 auth=0/1 commands=1/2
>
> I mean, nothing is getting in, but there are thousands of these, 2000
> yesterday, and today there are over 3400 so far, and it’s barely even noon.
> The first day there were 700, and it’s just ramped up since then.
>
> /etc/hosts.allow:
> ALL : 185.103.253.246 : DENY
>
> Has no effect.
>
> --
> 'You make us want what we can't have and what you give us is worth
> nothing and what you take is everything and all there is left for us is
> the cold hillside, and emptiness, and the laughter of the elves.'
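
The procedure described in the reply above (pull the offending addresses out of the log, sort them unique, feed the result to the firewall), as an added example that is not part of the original thread. The sample log lines are constructed in the format of the quoted ones with documentation-range addresses, and the function name `failed_auth_ips` and its threshold argument are assumptions; loading the list depends on whichever firewall is in use.

```shell
#!/bin/sh
# Constructed sample input, same layout as the Postfix lines quoted in the thread.
sample_log() {
cat <<'EOF'
Mar 20 10:45:27 mail postfix/smtpd[19480]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:45:27 mail postfix/smtpd[19480]: lost connection after AUTH from unknown[192.0.2.10]
Mar 20 10:46:01 mail postfix/smtpd[19481]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:46:40 mail postfix/smtpd[19482]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed:
Mar 20 10:47:02 mail postfix/smtpd[19483]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:47:30 mail postfix/smtpd[19484]: warning: host.example[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:48:34 mail postfix/postscreen[75523]: CONNECT from [198.51.100.7]:61153 to [203.0.113.25]:25
Mar 20 10:49:00 mail postfix/smtpd[19485]: warning: unknown[2001:db8::5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:49:05 mail postfix/smtpd[19485]: warning: unknown[2001:db8::5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:49:09 mail postfix/smtpd[19486]: warning: unknown[2001:db8::5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 20 10:49:10 mail postfix/smtpd[19486]: disconnect from unknown[2001:db8::5] ehlo=1 auth=0/1 commands=1/2
EOF
}

# failed_auth_ips [THRESHOLD] < maillog
# Prints "count address" for every client with at least THRESHOLD failed
# SASL attempts, busiest first. Only smtpd "warning:" lines are counted, and
# the address is taken from the bracketed field Postfix writes itself, so
# connect/disconnect lines and free-form text cannot add entries.
failed_auth_ips() {
    threshold="${1:-3}"
    awk -v t="$threshold" '
        $5 ~ /^postfix\/smtpd\[[0-9]+\]:$/ && $6 == "warning:" &&
        $8 == "SASL" && $10 == "authentication" && $11 ~ /^failed/ {
            ip = $7                                  # e.g. unknown[192.0.2.10]:
            if (ip !~ /\[[0-9a-fA-F:.]+\]:$/) next   # not an IPv4/IPv6 literal
            sub(/^.*\[/, "", ip); sub(/\]:$/, "", ip)
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample; on a real host, feed the mail
# log instead and review the list before handing it to the firewall.
sample_log | failed_auth_ips 3
```

The threshold keeps a single mistyped password from landing a legitimate client on the list; `failed_auth_ips 3 | awk '{print $2}'` gives the bare addresses for a blocklist file.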