If this forum is still up, can I get some help on a regex to block the ips that create the following.

Sep 19 07:29:56 srv1 postfix/smtpd[26968]: NOQUEUE: reject: RCPT from unknown[125.165.130.127]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=

I get a lot of spoofing on this domain.

Please help if you can.

mrfordwrench

Standard postfix message should work?

blockhosts.cfg already has many postfix rules - if one of those is seen, no new pattern is needed.

Anyway, here's the pattern to add to blockhosts.cfg:

    "postfix-noqueue":
        r'{LOG_PREFIX{postfix/smtpd}} NOQUEUE: reject: RCPT .*?\[{HOST_IP}]:.* Relay access denied; from=',