postfix-users

A different kind of attack/probe, how can postfix defend against it?

Subject: A different kind of attack/probe, how can postfix defend against it?
From: Justin Piszcz <jpiszcz AT lucidpixels DOT com>
To: postfix-users AT postfix DOT org
Date: Thu, 9 Aug 2007 13:06:23 -0400 (EDT)
Recently, I saw this in my logs:

With iptables I guess I could specify something to block port 25 if it gets hit too many times from _ANY_ IP, but that would block legitimate mail; however, it seems as if it is the only or best option?

Aug  9 12:47:19 l2 postfix/smtpd[12676]: connect from mx181.populationarea.com[69.31.50.181]
Aug 9 12:47:24 l2 postfix/smtpd[12676]: disconnect from mx181.populationarea.com[69.31.50.181]
Aug 9 12:47:26 l2 postfix/smtpd[12676]: connect from mx190.webcastersradio.com[69.31.50.190]
Aug 9 12:47:30 l2 postfix/smtpd[12676]: disconnect from mx190.webcastersradio.com[69.31.50.190]
Aug 9 12:47:31 l2 postfix/smtpd[12676]: connect from mx184.shippingkick.com[69.31.50.184]
Aug 9 12:47:35 l2 postfix/smtpd[12676]: disconnect from mx184.shippingkick.com[69.31.50.184]
Aug 9 12:47:36 l2 postfix/smtpd[12676]: connect from mx184.shippingkick.com[69.31.50.184]
Aug 9 12:47:41 l2 postfix/smtpd[12676]: disconnect from mx184.shippingkick.com[69.31.50.184]
Aug 9 12:47:43 l2 postfix/smtpd[12676]: connect from mx184.shippingkick.com[69.31.50.184]
Aug 9 12:47:47 l2 postfix/smtpd[12676]: disconnect from mx184.shippingkick.com[69.31.50.184]
Aug 9 12:47:49 l2 postfix/smtpd[12676]: connect from mx186.shippingkick.com[69.31.50.186]
Aug 9 12:47:53 l2 postfix/smtpd[12676]: disconnect from mx186.shippingkick.com[69.31.50.186]
Aug 9 12:47:54 l2 postfix/smtpd[12676]: connect from mx186.shippingkick.com[69.31.50.186]
Aug 9 12:47:59 l2 postfix/smtpd[12676]: disconnect from mx186.shippingkick.com[69.31.50.186]
Aug 9 12:48:01 l2 postfix/smtpd[12676]: connect from mx186.shippingkick.com[69.31.50.186]
Aug 9 12:48:05 l2 postfix/smtpd[12676]: disconnect from mx186.shippingkick.com[69.31.50.186]
Aug 9 12:48:07 l2 postfix/smtpd[12676]: connect from mx166.censusarea.com[69.31.50.166]
Aug 9 12:48:11 l2 postfix/smtpd[12676]: disconnect from mx166.censusarea.com[69.31.50.166]
Aug 9 12:48:12 l2 postfix/smtpd[12676]: connect from mx166.censusarea.com[69.31.50.166]
Aug 9 12:48:22 l2 postfix/smtpd[12676]: disconnect from mx166.censusarea.com[69.31.50.166]
Aug 9 12:48:23 l2 postfix/smtpd[12676]: connect from mx173.officecent.com[69.31.50.173]
Aug 9 12:48:27 l2 postfix/smtpd[12676]: disconnect from mx173.officecent.com[69.31.50.173]
Aug 9 12:48:28 l2 postfix/smtpd[12676]: connect from mx172.officecent.com[69.31.50.172]
Aug 9 12:48:33 l2 postfix/smtpd[12676]: disconnect from mx172.officecent.com[69.31.50.172]
Aug 9 12:48:35 l2 postfix/smtpd[12676]: connect from mx168.offcentral.com[69.31.50.168]
Aug 9 12:48:39 l2 postfix/smtpd[12676]: disconnect from mx168.offcentral.com[69.31.50.168]
Aug 9 12:48:41 l2 postfix/smtpd[12676]: connect from mx163.censusarea.com[69.31.50.163]
Aug 9 12:48:45 l2 postfix/smtpd[12676]: disconnect from mx163.censusarea.com[69.31.50.163]
Aug 9 12:48:46 l2 postfix/smtpd[12676]: connect from mx163.censusarea.com[69.31.50.163]
Aug 9 12:48:51 l2 postfix/smtpd[12676]: disconnect from mx163.censusarea.com[69.31.50.163]
Aug 9 12:48:52 l2 postfix/smtpd[12676]: connect from mx179.populationarea.com[69.31.50.179]
Aug 9 12:48:56 l2 postfix/smtpd[12676]: disconnect from mx179.populationarea.com[69.31.50.179]
Aug 9 12:48:58 l2 postfix/smtpd[12676]: connect from mx183.shippingkick.com[69.31.50.183]
Aug 9 12:49:02 l2 postfix/smtpd[12676]: disconnect from mx183.shippingkick.com[69.31.50.183]
Aug 9 12:49:03 l2 postfix/smtpd[12676]: connect from mx188.webcastersradio.com[69.31.50.188]
Aug 9 12:49:08 l2 postfix/smtpd[12676]: disconnect from mx188.webcastersradio.com[69.31.50.188]
Aug 9 12:49:10 l2 postfix/smtpd[12676]: connect from mx178.populationarea.com[69.31.50.178]
Aug 9 12:49:14 l2 postfix/smtpd[12676]: disconnect from mx178.populationarea.com[69.31.50.178]
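
In the log excerpt above, no single address connects more than a few times, yet every client sits in 69.31.50.x, so a per-address hit counter stays quiet while a per-network view does not. The following is an added example, not part of the original post and not a Postfix feature: it groups smtpd "connect from" lines by network and flags networks where several distinct addresses connect within a short window. The /24 grouping, the 5-minute window, the 4-host threshold, the function names and the 192.0.2.10 log line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Sample input: lines from the post's excerpt plus one constructed line (192.0.2.10).
SAMPLE_LOG = """\
Aug  9 12:47:19 l2 postfix/smtpd[12676]: connect from mx181.populationarea.com[69.31.50.181]
Aug 9 12:47:24 l2 postfix/smtpd[12676]: disconnect from mx181.populationarea.com[69.31.50.181]
Aug 9 12:47:26 l2 postfix/smtpd[12676]: connect from mx190.webcastersradio.com[69.31.50.190]
Aug 9 12:47:31 l2 postfix/smtpd[12676]: connect from mx184.shippingkick.com[69.31.50.184]
Aug 9 12:47:36 l2 postfix/smtpd[12676]: connect from mx184.shippingkick.com[69.31.50.184]
Aug 9 12:47:40 l2 postfix/smtpd[12700]: connect from mail.example.org[192.0.2.10]
Aug 9 12:47:49 l2 postfix/smtpd[12676]: connect from mx186.shippingkick.com[69.31.50.186]
Aug 9 12:48:07 l2 postfix/smtpd[12676]: connect from mx166.censusarea.com[69.31.50.166]
"""

CONNECT_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
                        r"connect from \S*\[(\d+\.\d+\.\d+\.\d+)\]")

def parse_connects(log_text, year=2007):
    """Return (timestamp, client_ip) for every smtpd connect line (IPv4 only)."""
    events = []
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied by the caller.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return events

def flag_networks(events, prefix=24, window=timedelta(minutes=5), min_hosts=4):
    """Map network -> client IPs where >= min_hosts distinct IPs connected in one window."""
    by_net = defaultdict(list)
    for ts, ip in events:
        by_net[ip_network(f"{ip}/{prefix}", strict=False)].append((ts, ip))
    flagged = {}
    for net, hits in by_net.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct addresses seen from this hit until the window closes.
            hosts = {ip for ts, ip in hits[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                flagged[str(net)] = sorted(hosts)
                break
    return flagged

if __name__ == "__main__":
    print(flag_networks(parse_connects(SAMPLE_LOG)))
```

On the sample, the busiest single address appears only twice, while 69.31.50.0/24 is flagged with five distinct clients and the lone 192.0.2.10 connection is left alone.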

