ylmf-pc is a known brute force attack. Why they're using all the same helo string is beyond me, but this has been going on for over a year.
I don't think that there's a way to drop a connection based on HELO, though I'll yield to Thomas' input on that. I'm no expert but I believe that it should be possible to craft some code in the getline function within the perl code that when a helo that matches something hard coded or from a file is found, that you could drop the connection, something like DenySMTPStrictEarly does. On Mon, Mar 2, 2015 at 10:47 AM, Phil Cook <pc...@gsiag.com> wrote: > What would be the best way to block EHLO ylmf-pc? I see a lot of auth > attempts from this host but the ip changes, so blocking the ip doesn't work > for long. > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming The Go Parallel Website, > sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for > all > things parallel software development, from weekly thought leadership blogs > to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
