LaurenceJJones
commented
2 weeks ago I would also like to parse and act on relay access commands
2024-08-25T12:31:56.154748+00:00 laurencejones postfix/smtpd[3887453]: NOQUEUE: reject: RCPT from unknown[157.245.73.5]: 454 4.7.1 <spameri@tiscali.it>: Relay access denied; from=<spameri@tiscali.it> to=<spameri@tiscali.it> proto=ESMTP helo=<WIN-CLJ1B0GQ6JP>
2024-08-25T16:25:14.097135+00:00 laurencejones postfix/smtpd[4001128]: NOQUEUE: reject: RCPT from unknown[94.156.177.65]: 454 4.7.1 <spameri@tiscali.it>: Relay access denied; from=<spameri@tiscali.it> to=<spameri@tiscali.it> proto=ESMTP helo=<WIN-7N1FIECL6IC>
2024-08-25T17:53:45.608776+00:00 laurencejones postfix/smtpd[4004444]: NOQUEUE: reject: RCPT from unknown[94.156.177.137]: 454 4.7.1 <spameri@tiscali.it>: Relay access denied; from=<spameri@tiscali.it> to=<spameri@tiscali.it> proto=ESMTP helo=<WIN-7N1FIECL6IC>
I had some spare time over weekend and decided to update my configuration for my postfix servers. I have enforced new rules to stop spammers from exploiting common misconfiguration's I would like to parse and handle these HELO rejections separately from authentication failures as they are not the same thing.
The main problem is I would rather group on the from/to rather than IP as you can see the addresses are different each time.