Feb 6 08:29:13 im1 postfix/smtpd[74153]: warning: Too frequent connections: 2855 from 80.139.230.244 for service smtp
Feb 6 08:29:14 im1 postfix/smtpd[74178]: warning: Too frequent connections: 2856 from 80.139.230.244 for service smtp Feb 6 08:29:14 im1 postfix/smtpd[74134]: warning: Too frequent connections: 2857 from 80.139.230.244 for service smtp yep, after being anvilled at 10 connects in 20 minutes, the IP went to "hammer our anvil" nearly 3000 times, 50 connects/sec what's that IP? %dig -x 80.139.230.244 ; <<>> DiG 8.3 <<>> -x ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4 ;; QUERY SECTION: ;; 244.230.139.80.in-addr.arpa, type = ANY, class = IN ;; ANSWER SECTION: 244.230.139.80.in-addr.arpa. 1D IN PTR p508BE6F4.dip.t-dialin.net. a damn German DUL spamming an ISP in Alabama, probably on ISDN (popular in Europe) to get the high rate of anvil rejects. Len
