2

My mail.log is overflowing with random spammers attempting to send spam through my server.

Is this typical or have I misconfigured something?

Is there a way to ban an IP after several attempts of relaying or is there a way not to log these attempts? (latter might be a bad idea)

styts
  • 245
  • 1
  • 2
  • 6

2 Answers

2

Once they find an IP that answers to port 25, they'll try everything they can to relay through it or guess valid email addresses that they can deliver spam to. I don't think you want to quit logging it just in case something does come through that you later need to diagnose.

fail2ban and iptables --recent would cut down on the log entries by firewalling the IPs that are attempting to connect multiple times. Each has a 'window' of opportunity for a spammer to try before getting blocked. fail2ban would be better in this case as it would block based on failure messages. iptables --recent is much less discriminate and might block legitimate connections that passed a threshold.

You could alter your syslog configuration to log only .info to your maillog, and .warn/.err to a separate file.

karmawhore
  • 3,865
  • 18
  • 9
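The difference the answer draws between the two approaches is easy to see over a log. The script below is an added example (not code from the answer, fail2ban, or Postfix): it emulates both strategies over constructed Postfix mail.log lines, counting "Relay access denied" failures per client IP the way a fail2ban jail would (the FINDTIME/MAXRETRY names mirror fail2ban's findtime/maxretry options, the thresholds are chosen for the example) against counting every connection the way an iptables --recent rule does. The IPs are documentation addresses and the log lines are made up for this example.

```python
"""Added example: fail2ban-style (failures) vs iptables --recent-style
(connections) blocking, run over constructed Postfix smtpd log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

FINDTIME = 600   # look-back window in seconds (fail2ban's findtime); example value
MAXRETRY = 3     # events inside the window before blocking (fail2ban's maxretry); example value

# Constructed sample of a Postfix mail.log: 203.0.113.45 keeps trying to relay
# (one attempt long before the window, three inside it); 198.51.100.7 is a
# legitimate peer that connects three times and delivers mail each time.
SAMPLE_LOG = """\
Mar  3 09:40:00 mx postfix/smtpd[1190]: connect from unknown[203.0.113.45]
Mar  3 09:40:01 mx postfix/smtpd[1190]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <someone@example.net>: Relay access denied; from=<spam@example.org> to=<someone@example.net> proto=ESMTP helo=<bad.example>
Mar  3 09:40:01 mx postfix/smtpd[1190]: disconnect from unknown[203.0.113.45]
Mar  3 10:00:01 mx postfix/smtpd[1201]: connect from unknown[203.0.113.45]
Mar  3 10:00:02 mx postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <someone@example.net>: Relay access denied; from=<spam@example.org> to=<someone@example.net> proto=ESMTP helo=<bad.example>
Mar  3 10:00:02 mx postfix/smtpd[1201]: disconnect from unknown[203.0.113.45]
Mar  3 10:00:05 mx postfix/smtpd[1202]: connect from mail.partner.example[198.51.100.7]
Mar  3 10:00:06 mx postfix/smtpd[1202]: 4F2A1C0123: client=mail.partner.example[198.51.100.7]
Mar  3 10:00:06 mx postfix/smtpd[1202]: disconnect from mail.partner.example[198.51.100.7]
Mar  3 10:00:11 mx postfix/smtpd[1203]: connect from unknown[203.0.113.45]
Mar  3 10:00:12 mx postfix/smtpd[1203]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <someone@example.net>: Relay access denied; from=<spam@example.org> to=<someone@example.net> proto=ESMTP helo=<bad.example>
Mar  3 10:00:12 mx postfix/smtpd[1203]: disconnect from unknown[203.0.113.45]
Mar  3 10:00:15 mx postfix/smtpd[1204]: connect from mail.partner.example[198.51.100.7]
Mar  3 10:00:16 mx postfix/smtpd[1204]: 5B3C2D0456: client=mail.partner.example[198.51.100.7]
Mar  3 10:00:16 mx postfix/smtpd[1204]: disconnect from mail.partner.example[198.51.100.7]
Mar  3 10:00:21 mx postfix/smtpd[1205]: connect from unknown[203.0.113.45]
Mar  3 10:00:22 mx postfix/smtpd[1205]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <someone@example.net>: Relay access denied; from=<spam@example.org> to=<someone@example.net> proto=ESMTP helo=<bad.example>
Mar  3 10:00:22 mx postfix/smtpd[1205]: disconnect from unknown[203.0.113.45]
Mar  3 10:00:25 mx postfix/smtpd[1206]: connect from mail.partner.example[198.51.100.7]
Mar  3 10:00:26 mx postfix/smtpd[1206]: 6C4D3E0789: client=mail.partner.example[198.51.100.7]
Mar  3 10:00:26 mx postfix/smtpd[1206]: disconnect from mail.partner.example[198.51.100.7]
"""

# syslog timestamp, host, "postfix/smtpd[pid]: message"
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: (?P<msg>.*)$")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_events(log_text):
    """Yield (kind, timestamp, ip); kind is 'connect' or 'failure'.
    Other smtpd lines (disconnect, queue-id lines) are ignored."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        ipm = IP_RE.search(msg)
        if not ipm:
            continue
        # collapse the padded day field ("Mar  3") before parsing; year is irrelevant here
        ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
        if msg.startswith("connect from"):          # "disconnect from" does not match
            yield "connect", ts, ipm.group(1)
        elif "Relay access denied" in msg:
            yield "failure", ts, ipm.group(1)


def first_block_times(events, findtime=FINDTIME, maxretry=MAXRETRY):
    """Sliding-window counter: return {ip: time of block} for every IP that
    accumulates maxretry events within findtime seconds."""
    window = defaultdict(deque)
    blocked = {}
    for ts, ip in events:
        if ip in blocked:
            continue
        q = window[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()                  # drop events that fell out of the window
        if len(q) >= maxretry:
            blocked[ip] = ts
    return blocked


def fail2ban_style(log_text):
    """Count only failures (relay denials), as a fail2ban postfix jail would."""
    return first_block_times((ts, ip) for kind, ts, ip in parse_events(log_text) if kind == "failure")


def recent_style(log_text):
    """Count every new connection, outcome ignored, as iptables --recent does."""
    return first_block_times((ts, ip) for kind, ts, ip in parse_events(log_text) if kind == "connect")


if __name__ == "__main__":
    for name, fn in (("fail2ban-style", fail2ban_style), ("iptables --recent-style", recent_style)):
        blocked = fn(SAMPLE_LOG)
        print(name, {ip: ts.strftime("%H:%M:%S") for ip, ts in blocked.items()})
```

Running it shows the failure-based rule blocking only 203.0.113.45 (at 10:00:22; the 09:40 attempt is outside the window), while the connection-count rule blocks the legitimate peer 198.51.100.7 as well, purely because it connected three times in ten minutes. That is the "less discriminate" behaviour the answer warns about.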
0

You can also set these options for postfix to reject connections from rogue clients.

smtpd_error_sleep_time = 10s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
topdog
  • 3,520
  • 17
  • 13
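To see what those three settings actually do to a client, here is an added example (my own model, not code from the answer or from Postfix) following the postconf(5) descriptions: the server keeps a per-session count of errors a client makes without delivering mail; once the count exceeds smtpd_soft_error_limit every response is delayed by smtpd_error_sleep_time, once it exceeds smtpd_hard_error_limit the client is disconnected, and a successful delivery resets the count. The model ignores everything else smtpd does (anvil rate limits, greeting delays); the command sequences are constructed.

```python
"""Added example: a minimal model of Postfix's error-count policy using the
three settings from the answer (smtpd_error_sleep_time, smtpd_soft_error_limit,
smtpd_hard_error_limit). Simplified; not Postfix's own code."""
from dataclasses import dataclass


@dataclass
class ErrorPolicy:
    error_sleep_time: int = 10   # smtpd_error_sleep_time = 10s (Postfix default is 1s)
    soft_error_limit: int = 10   # smtpd_soft_error_limit = 10
    hard_error_limit: int = 20   # smtpd_hard_error_limit = 20


@dataclass
class ClientSession:
    policy: ErrorPolicy
    errors: int = 0           # errors since the last successful delivery
    delay_total: int = 0      # seconds of response delay imposed so far
    disconnected: bool = False

    def command(self, delivered: bool) -> str:
        """Feed one command outcome (True = mail delivered, False = error)
        and return the server's reaction."""
        if self.disconnected:
            return "already disconnected"
        if delivered:
            self.errors = 0                       # delivery resets the count
            return "accepted"
        self.errors += 1
        if self.errors > self.policy.hard_error_limit:
            self.disconnected = True              # server hangs up on the client
            return "421 too many errors, disconnect"
        if self.errors > self.policy.soft_error_limit:
            self.delay_total += self.policy.error_sleep_time
            return f"error (response delayed {self.policy.error_sleep_time}s)"
        return "error"


def run_session(outcomes, policy=None):
    """Replay a sequence of command outcomes; return (session, reactions)."""
    session = ClientSession(policy or ErrorPolicy())
    return session, [session.command(ok) for ok in outcomes]


if __name__ == "__main__":
    # Constructed scenario 1: a relay prober that gets 25 RCPT rejections in a row.
    s, reactions = run_session([False] * 25)
    print("prober: disconnected=%s, delay=%ss, reactions=%s" % (s.disconnected, s.delay_total, reactions))
    # Constructed scenario 2: a sloppy but legitimate client; one delivery resets the count.
    s2, _ = run_session([False] * 12 + [True] + [False] * 3)
    print("legit: disconnected=%s, errors=%s, delay=%ss" % (s2.disconnected, s2.errors, s2.delay_total))
```

With the answer's values a client that only produces errors gets ten free tries, ten more that each cost it a 10 s wait (100 s in total), and is dropped on the 21st. Raising smtpd_error_sleep_time is therefore what slows a prober down, while lowering smtpd_hard_error_limit is what gets rid of it; neither affects a client that occasionally errs and then delivers, since the delivery resets the count.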