Michael, thanks for the reply
In /var/log/maillog they usually show up like this:
Oct 13 20:02:38 sol sendmail[18277]: 19E12cNr018277: [104.200.146.41]
did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Oct 14 10:53:46 sol sendmail[22421]: 19EFrLbF022421: [43.133.58.8] did
not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA
did so, quite a lot showed up :-(
cat /var/log/maillog|grep ETRN | cut -d [ -f3| cut -d ] -f1 | grep ^[0-9] |
sort -un
If I see repeat offenders *really* sticking their nose out, then I
usually do a WHOIS on the offending IP and block their whole network
address range in APF, Firewalld and/or Milter-GeoIP.
do so, too... I jot those IPs in a list and if I find IPs in the same class, I enter
those with a netmask of /24, sometimes I even go down to a netmask of /18 (once /16!) in
the Network Services > AV-SPAM > GeoIP > Blocked IP Address Ranges list
best regards
で⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
