2021-05-06 11:07:57 no host name found for IP address 68.183.80.168
2021-05-06 11:07:58 no host name found for IP address 68.183.80.168
2021-05-06 11:07:58 SMTP call from [68.183.80.168] dropped: too many
unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:07:59 no host name found for IP address 68.183.80.168
2021-05-06 11:07:59 SMTP call from [68.183.80.168] dropped: too many
unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:00 no host name found for IP address 68.183.80.168
2021-05-06 11:08:00 SMTP call from [68.183.80.168] dropped: too many
unrecognized commands (last was "Accept-Encoding: gzip, deflate")
2021-05-06 11:08:01 no host name found for IP address 68.183.80.168
2021-05-06 11:08:01 SMTP call from [68.183.80.168] dropped: too many
unrecognized commands (last was "Accept-Encoding: gzip, deflate")
these are clients, that send "GET /..whatever HTTP/1.0" as greeting.
I suggest:
not to wait for the usual error treshhold of smtp related errors, but
instead auto disconnect and block the IP for a few minutes , because, as
seen, they come back as often as you let them.
I think, that exim could be reliable detect and implement this without
breaking any existing config. As a result, the world will be a better
place and less hamsters got wasted in the cpus around the world. This
also is a small benefit for the worlds climate, by lesser consumption of
energy ;)