Can I do an autoban script based on this?
Posted: 2018-12-18 20:39
I see two repeating patterns on my mailserver of spammers trying to use one of my domains.
They try to send a mail and when they get a PW request they quit the connection.
"SMTPD" 2316 1668 "2018-12-18 18:34:56.751" "190.236.239.220" "SENT: 530 SMTP authentication is required."
"DEBUG" 2316 "2018-12-18 18:34:56.751" "AWStats::LogDeliveryFailure"
"DEBUG" 2240 "2018-12-18 18:35:04.249" "The read operation failed. Bytes transferred: 0 Remote IP: 190.236.239.220, Session: 1668, Code: 10054, Message: An existing connection was forcibly closed by the remote host"
"SMTPD" 2316 1669 "2018-12-18 18:40:16.798" "185.171.235.253" "SENT: 530 SMTP authentication is required."
"DEBUG" 2316 "2018-12-18 18:40:16.798" "AWStats::LogDeliveryFailure"
"SMTPD" 2240 1669 "2018-12-18 18:40:20.232" "185.171.235.253" "RECEIVED: QUIT"
Since they never ever send an incorrect password, autoban won't block them.
Therefore I would like to know if there is a way to use a script to generate autoban rules for these patterns.
They are annoying me.
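
The two patterns in the post (a 530 reply followed in the same session by QUIT, or by a 10054 connection reset) can be picked out of the log offline. This is an added example, not part of the original post and not hMailServer code. The function name, the threshold and the three sample lines for 192.0.2.10 are assumptions; it only lists candidate addresses and creates no ban rules.

```python
import re
from collections import Counter

# Constructed sample: first five lines follow the post, 192.0.2.10 lines are made up
# to show a client that authenticates after the 530 and must not be flagged.
SAMPLE_LOG = '''\
"SMTPD" 2316 1668 "2018-12-18 18:34:56.751" "190.236.239.220" "SENT: 530 SMTP authentication is required."
"DEBUG" 2316 "2018-12-18 18:34:56.751" "AWStats::LogDeliveryFailure"
"DEBUG" 2240 "2018-12-18 18:35:04.249" "The read operation failed. Bytes transferred: 0 Remote IP: 190.236.239.220, Session: 1668, Code: 10054, Message: An existing connection was forcibly closed by the remote host"
"SMTPD" 2316 1669 "2018-12-18 18:40:16.798" "185.171.235.253" "SENT: 530 SMTP authentication is required."
"SMTPD" 2240 1669 "2018-12-18 18:40:20.232" "185.171.235.253" "RECEIVED: QUIT"
"SMTPD" 2316 1670 "2018-12-18 18:41:00.100" "192.0.2.10" "SENT: 530 SMTP authentication is required."
"SMTPD" 2240 1670 "2018-12-18 18:41:01.200" "192.0.2.10" "RECEIVED: AUTH LOGIN"
"SMTPD" 2240 1670 "2018-12-18 18:41:09.900" "192.0.2.10" "RECEIVED: QUIT"
'''

# "SMTPD" <thread> <session> "<timestamp>" "<ip>" "<message>"
SMTPD = re.compile(r'^"SMTPD"\s+\d+\s+(\d+)\s+"[^"]*"\s+"([^"]+)"\s+"(.*)"\s*$')
# DEBUG line written when the remote host drops the connection (Winsock 10054)
RESET = re.compile(r'^"DEBUG"\s.*Remote IP: ([0-9A-Fa-f.:]+), Session: (\d+), Code: 10054')

def find_abandoners(lines, threshold=3):
    """Return IPs that gave up right after a 530 reply at least `threshold` times."""
    pending = set()    # (session, ip) pairs whose last server reply was the 530
    hits = Counter()   # ip -> number of abandoned sessions
    for line in lines:
        m = SMTPD.match(line)
        if m:
            key, msg = (m.group(1), m.group(2)), m.group(3)
            if msg.startswith("SENT: 530 "):
                pending.add(key)
            elif msg.startswith("RECEIVED:") and key in pending:
                pending.discard(key)           # the client reacted to the 530
                if msg == "RECEIVED: QUIT":    # pattern 2: polite quit
                    hits[key[1]] += 1
            continue
        m = RESET.match(line)
        if m and (m.group(2), m.group(1)) in pending:
            pending.discard((m.group(2), m.group(1)))
            hits[m.group(1)] += 1              # pattern 1: connection reset
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    print(find_abandoners(SAMPLE_LOG.splitlines(), threshold=1))
```

A threshold above 1 keeps a mail client that was misconfigured once from being listed alongside the repeat offenders.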
