My mail server having a problem on blocking some attacker that trying to telnet to our mailserver. but i'm not able to block it, ip will keep changing even we block by ip. seems like he is trying to telnet instead of normal from smtp transaction. They are not able to enter our email server, but that is a transaction every second. is there any way to block it/stop it? below are the error message:
81.198.214.48 [0968] 16:14:01 Connected, local IP=xx.xx.xx.xx:25
81.198.214.48 [0968] 16:14:01 >>> 220 mymailserver.com ESMTP IceWarp 11.0.1.2; Fri, 13 Feb 2015 16:14:01 +0800
81.198.214.48 [0968] 16:14:02 <<< EHLO ylmf-pc
81.198.214.48 [0968] 16:14:02 >>> 250-mymailserver.com Hello ylmf-pc [81.198.214.48], pleased to meet you.
81.198.214.48 [0968] 16:14:03 <<< AUTH LOGIN
81.198.214.48 [0968] 16:14:03 >>> 334 VXNlcx5hbWU6
81.198.214.48 [0968] 16:14:04 <<< aGFua3M=
81.198.214.48 [0968] 16:14:04 >>> 334 UGFzcxdvcmQ6
81.198.214.48 [0968] 16:14:04 <<< ODg4ODg4
81.198.214.48 [0968] 16:14:24 >>> 535 5.7.8 Authentication credentials invalid
81.198.214.48 [0968] 16:14:24 *** <> <> 0 0 00:00:00 INCOMPLETE-SESSION
81.198.214.48 [0968] 16:14:24 Disconnected