From: Wesley Shields
To: David Southwell
Cc: freebsd-ports@freebsd.org
Date: Thu, 4 Oct 2007 16:19:15 -0400
Subject: Re: Suitable port mail reject repeaters
Message-ID: <20071004201915.GA60781@atarininja.org>
In-Reply-To: <200710041012.31295.david@vizion2000.net>

On Thu, Oct 04, 2007 at 10:12:31AM -0700, David Southwell wrote:
> Hi
>
> There have been numerous attempts on one server resulting in entries of the
> following type in the log ([xxxx] is a domain for which we receive mail):
>
> Oct  3 07:05:39 dns1 postfix/smtpd[93611]: connect from
> mail.dolbeyco.com[70.61.148.178]
> Oct  3 07:05:40 dns1 postfix/smtpd[93611]: NOQUEUE: reject: RCPT from
> mail.dolbeyco.com[70.61.148.178]: 450 4.1.1 : Recipient
> address rejected: User unknown in virtual alias table; from=<>
> to= proto=ESMTP helo=
> Oct  3 07:05:40 dns1 postfix/smtpd[93611]: disconnect from
> mail.dolbeyco.com[70.61.148.178]
>
> Where clearly the remote server is hoping to find we are either open to
> relaying messages or probing to find email addresses we will accept.
>
> Users with names that do not exist in the virtual alias table are being
> rejected. However the same group of servers seem to keep on repeating failed
> attempts.
>
>
> What I would like to do is after receiving a number of attempts from such a
> remote server to automatically refuse connections and reduce the log load. I
> believe there is a tool for doing that (say after a remote server has a
> specified number of failed attempts). I am sure there is a port that does
> this but cannot find it!!

I prefer grok (sysutils/grok) for automated tasks of this type. It's
_extremely_ powerful and flexible (as opposed to solutions of this type
which work only for a given service, usually ssh).

-- 
WXS
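
The thresholding asked about above, as an added example that is not part of either message and is not grok's own configuration: it counts Postfix "User unknown in virtual alias table" rejects per client address in a sliding window and reports which addresses crossed the limit. The threshold, window, function names and sample log lines are assumptions constructed for illustration; the sample uses documentation addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd unknown-recipient rejects, in the format quoted in the thread.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+postfix/smtpd\[\d+\]:\s+"
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]:\s+"
    r"[45]\d\d\s.*User unknown in virtual alias table"
)

def parse_reject(line, year):
    """Return (timestamp, client_ip) for a matching reject line, else None."""
    m = REJECT_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # syslog has no year; caller supplies it
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), m["ip"]

def repeat_offenders(lines, year, threshold=3, window=timedelta(minutes=10)):
    """Map each client IP to the time it first hit `threshold` rejects in `window`."""
    recent = defaultdict(deque)  # ip -> reject times still inside the window
    flagged = {}
    for ts, ip in filter(None, (parse_reject(l, year) for l in lines)):
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:  # drop rejects older than the window
            times.popleft()
        if len(times) >= threshold:
            flagged.setdefault(ip, ts)
    return flagged

# Constructed sample log (documentation addresses, not taken from the thread).
_REJ = ("Oct  3 {t} dns1 postfix/smtpd[93611]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
        "450 4.1.1 <x@example.org>: Recipient address rejected: User unknown in virtual "
        "alias table; from=<> to=<x@example.org> proto=ESMTP helo=<mail.example.net>")
SAMPLE = [_REJ.format(t=t, ip=ip) for t, ip in [
    ("07:05:40", "192.0.2.10"),
    ("07:06:10", "192.0.2.10"),
    ("07:07:02", "198.51.100.7"),
    ("07:08:30", "192.0.2.10"),    # third reject within 10 minutes: flagged
    ("09:00:00", "198.51.100.7"),
    ("09:30:00", "198.51.100.7"),  # three rejects, but spread over hours
]]

if __name__ == "__main__":
    print(repeat_offenders(SAMPLE, 2007))
```

The returned addresses are the candidates a blocking tool would then refuse; a wider window trades fewer missed slow probers for more risk of flagging a legitimate server that mistypes a recipient.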