The overall SMTP connection rate has dropped from last week, down to 140,000 SMTP connections from at least 36,000 different IP addresses. The SMTP frontend hit a high-water of 16 simultaneous connections, I believe relatively early in the week, so I suspect we saw the spillover from last week's traffic burst last Sunday and maybe Monday and then a normal rest of the week.

Kernel level IP rejections:

Host/Mask           Packets   Bytes
207.235.38.19         10721    515K
212.216.176.0/24       7974    434K
203.98.175.42          7469    359K
61.128.0.0/10          6122    297K
192.35.251.3           6086    292K
170.206.225.64         5587    268K
68.164.24.147          5136    261K
80.55.43.26            3812    229K
82.235.46.17           3807    194K
216.7.201.43           3462    166K

This seems to have been a slow week for Chinese networks (our usual source of rejections from large netblocks); only one made it into the top ten. The individual hosts listed are the usual grab-bag assortment of dynamically added places, with some faces reappearing from last week (170.206.225.64 remaining listed in dnsbl.njabl.org).

Connection-time rejections run:

  23940 total
  11281 dynamic IP
   8525 bad or no reverse DNS
   1699 class bl-cbl
    532 class bl-spews
    434 class bl-ordb
    424 class bl-dsbl
    377 class bl-sbl
    114 class bl-njabl
    110 class bl-sdul
      2 class bl-opm

(Embarrassingly, I only got around to automating this report via a script this week. When will I learn to take my own advice?)

No single IP address was a really big source of connection-time rejections.

Bad HELO greetings are well down from last week but are up somewhat over the week before that, which could be more signs of a Sunday/Monday spillover effect.