This is not a real problem, but I am curious to understand what is
happening here.

I am running a small postfix server for personal use. One thing that I
observe over and over again is thousands of "lost connection after AUTH"
connections, such as these:

  08:23:19 postfix/smtpd[4925]: connect from unknown [155.133.38.30]
  08:23:19 postfix/smtpd[4925]: lost connection after AUTH from unknown [155.133.38.30]
  08:23:19 postfix/smtpd[4925]: disconnect from unknown [155.133.38.30]

Now, these are not causing much trouble for me (other than flooding my
logs), and I know I can tweak the anvil rate limits (I am using these
below and since these "lost connection after auth" happen every 1 - 2
minutes, they are not caught by my anvil filter.):

  anvil_rate_time_unit                    = 60s
  smtpd_client_connection_rate_limit      = 10
  smtpd_client_message_rate_limit         = 10
  smtpd_client_new_tls_session_rate_limit = 10

I am curious to know, who are these agents connecting to my server, and
what are they trying to achieve?

AFAICT, they don't even attempt to send spam, or use me as relay. What
do they want?
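
An added example, not part of the original post: a log check that counts "lost connection after AUTH" events per client and compares the peak rate per anvil time unit with the rate over a longer window, showing why a client probing every 1 - 2 minutes stays under a limit of 10 per 60s. The sample log is constructed (documentation addresses), and the one-hour window and threshold of 10 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log: one client drops after AUTH every 90 s for ~30 min,
# plus one unrelated connection. Timestamp layout follows the excerpt in the post.
SAMPLE_LOG = "\n".join(
    [f"08:{(i * 90) // 60:02d}:{(i * 90) % 60:02d} postfix/smtpd[4925]: "
     "lost connection after AUTH from unknown [192.0.2.10]" for i in range(20)]
    + ["08:05:00 postfix/smtpd[4925]: connect from mail.example.org [198.51.100.7]"]
)

EVENT = re.compile(r"(\d\d):(\d\d):(\d\d) .*postfix/smtpd\[\d+\]: "
                   r"lost connection after AUTH from \S+ \[([^\]]+)\]")

def auth_drops(log_text):
    """Map client IP -> sorted event times in seconds since midnight."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m:
            h, mi, s, ip = m.groups()
            events[ip].append(int(h) * 3600 + int(mi) * 60 + int(s))
    return {ip: sorted(ts) for ip, ts in events.items()}

def peak_in_window(times, window):
    """Largest number of events inside any sliding window of `window` seconds."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def report(log_text, anvil_unit=60, anvil_limit=10,
           long_window=3600, long_threshold=10):  # long_* values are assumptions
    rows = {}
    for ip, times in auth_drops(log_text).items():
        # Each AUTH drop implies one connection, so this bounds the anvil count.
        peak = peak_in_window(times, anvil_unit)
        rows[ip] = {
            "total": len(times),
            "peak_per_anvil_unit": peak,
            "anvil_would_trigger": peak > anvil_limit,
            "flag_long_window": peak_in_window(times, long_window) >= long_threshold,
        }
    return rows

if __name__ == "__main__":
    for ip, row in report(SAMPLE_LOG).items():
        print(ip, row)
```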

