I'm using sendmail-reject, which gets lots of hits after I disallowed authentication on port 25. I'm assuming it's bots looking for a way to guess logins. Perhaps you can adapt those rules for Postfix.

I've been using login-shield (https://github.com/dpsystems/login-shield) to stop a lot of that, but it doesn't by default block port 25/smtp traffic - I don't want to cause filters to reject mail, just logins.

Although in this case, there doesn't appear to be an attempt to log in? So just checking for vulnerabilities or something?

If anybody can help draft a rule to catch this stuff too, let me know. Or does anybody think it could interfere with legitimate traffic? Not sure what's going on with the connections and drops.




_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
