[BlueOnyx:25169] Re: stalling SMTP
Meaulnes Legler @ MailList
bluelist at waveweb.ch
Fri Oct 15 10:58:37 -05 2021
Michael, thanks for the reply
> In /var/log/maillog they usually show up like this:
>
> Oct 13 20:02:38 sol sendmail[18277]: 19E12cNr018277: [104.200.146.41]
> did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
>
> Oct 14 10:53:46 sol sendmail[22421]: 19EFrLbF022421: [43.133.58.8] did
> not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA
did so, quite a lot showed up :-(
> cat /var/log/maillog|grep ETRN | cut -d [ -f3| cut -d ] -f1 | grep ^[0-9] | sort -un
> If I see repeat offenders *really* sticking their nose out, then I
> usually do a WHOIS on the offending IP and block their whole network
> address range in APF, Firewalld and/or Milter-GeoIP.
do so, too... I jot those IPs in a list and if I find IPs in the same class, I enter those with a netmask of /24, sometimes I even go down to a netmask of /18 (once /16!) in the Network Services > AV-SPAM > GeoIP > Blocked IP Address Ranges list
best regards
で⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660
More information about the Blueonyx
mailing list