My server has started receiving thousands of attempts to use my mail server to send spam from dynamic.hinet.net. The attempts are always rejected, but it's non-stop. I'd like to block these attempts before they even reach the mail server, if possible. Below are a couple of examples.
NOQUEUE: reject: RCPT from 111-249-39-49.dynamic.hinet.net[111.249.39.49]: 554 5.7.1 <szulin0918@yahoo.com.tw>: Relay access denied;
NOQUEUE: reject: RCPT from 118-160-213-218.dynamic.hinet.net[118.160.213.218]: 554 5.1.8 <ibnzjsmvk@yahoo.com.jp>: Sender address rejected: Domain not found;
I have installed fail2ban but I'm not sure how to configure it properly. At the moment it blocks an IP after they have attempted and been rejected several times, but the problem is that the IPs from hinet.net change a LOT so they're never ending. They start 111, 114, 118, 36... could be more but that's what I've observed. I've thought about blocking IPs that start with these numbers via postscreen config, but was unsure whether I'd end up blocking legitimate emails by blanket blocking an entire IP range.
So, any idea on how to configure fail2ban, or postscreen, or some other way, to block these hinet.net people altogether? Can I not put a rule on IPTables that blocks anything with "hinet.net" in the name or something?
Any help appreciated!
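As an added example that is not part of the original post: the matching a log-based ban needs in this situation, parsing the Postfix reject lines quoted above and banning on the reverse-DNS suffix at the first reject rather than counting retries per IP. The function names, the `maxretry` default and the constructed sample lines are assumptions.

```python
import re
from collections import defaultdict

# Matches the Postfix reject lines quoted in the post:
#   NOQUEUE: reject: RCPT from <rdns-name>[<ip>]: <code> <dsn> ...
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
)

# The first two lines are from the post; the last three are constructed for this example.
SAMPLE = [
    "NOQUEUE: reject: RCPT from 111-249-39-49.dynamic.hinet.net[111.249.39.49]: 554 5.7.1 <szulin0918@yahoo.com.tw>: Relay access denied;",
    "NOQUEUE: reject: RCPT from 118-160-213-218.dynamic.hinet.net[118.160.213.218]: 554 5.1.8 <ibnzjsmvk@yahoo.com.jp>: Sender address rejected: Domain not found;",
    "NOQUEUE: reject: RCPT from mail.example.org[203.0.113.5]: 554 5.7.1 <a@example.com>: Relay access denied;",
    "NOQUEUE: reject: RCPT from dynamic.hinet.net.example.org[198.51.100.7]: 554 5.7.1 <b@example.com>: Relay access denied;",
    "connect from unknown[192.0.2.9]",
]

def parse_reject(line):
    """Return host, ip, code and dsn for a reject line, or None for any other line."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None

def host_in_suffix(host, suffix):
    """True only if host is the suffix itself or a subdomain of it (anchored at a label boundary)."""
    host = host.lower().rstrip(".")
    suffix = suffix.lower().lstrip(".")
    return host == suffix or host.endswith("." + suffix)

def ips_to_ban(lines, suffix, maxretry=3):
    """Ban clients under `suffix` on their first reject; ban any other client after `maxretry` rejects."""
    counts = defaultdict(int)
    banned = set()
    for line in lines:
        rec = parse_reject(line)
        if rec is None:
            continue
        counts[rec["ip"]] += 1
        if host_in_suffix(rec["host"], suffix) or counts[rec["ip"]] >= maxretry:
            banned.add(rec["ip"])
    return banned

if __name__ == "__main__":
    print(sorted(ips_to_ban(SAMPLE, "dynamic.hinet.net")))
```

Matching on the name only works while the connecting addresses keep a reverse name under that suffix; Postfix logs a client whose reverse name does not verify as `unknown`, and such lines fall back to the per-IP retry count.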