I am getting a lot of these: Apr 17 07:27:10 mydomain postfix/smtpd[21897]: connect from mone183.secundiarourous.com[141.98.10.183] Apr 17 07:27:11 mydomain postfix/smtpd[21897]: disconnect from mone183.secundiarourous.com[141.98.10.183] ehlo=1 auth=0/1 quit=1 commands=2/3
Googling mone183.secundiarourous.com indicates it is a bad actor for the most part. Before I mess with my main.cf, is this a reasonable approach to limit this server: https://www.backscatterer.org/?target=usage Specifically ------- SAFE MODE with Postfix: Edit /etc/postfix/main.cf: smtpd_recipient_restrictions = ... check_sender_access dbm:/etc/postfix/check_backscatterer ... Create new file: /etc/postfix/check_backscatterer: <> reject_rbl_client ips.backscatterer.org postmaster reject_rbl_client ips.backscatterer.org Execute following commands: postmap /etc/postfix/check_backscatterer postfix reload for changes to take effect. ----------------- I would replace dbm with hash. Can you have more than one check_senser_access line since I have one for the RBLs.
