On Sat, Nov 26, 2016, Walter Alejandro Iglesias wrote: > Is there a way to detect on the fly spam attacks like the pasted below > (maillog)? It seems pf max-src-conn-rate takes in care only the
Check the docs for your MTA. > Nov 26 05:59:46 server smtpd[55880]: 3bcc430eee258cd7 smtp > event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT > TO:<???????@*.com>" result="550 Invalid recipient" [[ many times ]] For example: sendmail 8: # limit the rate recipients per SMTP envelope are accepted # once the threshold number of recipients have been rejected BadRcptThrottle BadRcptShutdown MeTA1: invalid_addresses_per_session_max: maximum number of invalid, e.g., unknown, RCPT addresses per session accepted by server. After this limit is reached the connection is terminated with an 421 error.