The full cidr is blocked in the firewall.
Original Message From: Patrick Chemla Sent: Wednesday, November 16, 2016 2:48 AM To: postfix-users@postfix.org Subject: Re: hacker or server problem Le 16/11/2016 à 12:38, li...@lazygranch.com a écrit : > On Wed, 16 Nov 2016 02:26:13 -0800 > "li...@lazygranch.com" <li...@lazygranch.com> wrote: > >> On Wed, 16 Nov 2016 11:52:14 +0200 >> Patrick Chemla <patrick.che...@perfaction.net> wrote: >> >>> Le 16/11/2016 à 11:45, li...@lazygranch.com a écrit : >>>> Is this a hack or a server problem. IP was listed in abusedb >>>> about a year ago. >>>> >>>> <pattern repeats> >>>> Nov 16 09:14:36 theranch postfix/smtpd[6094]: connect from >>>> unknown[87.236.215.11] Nov 16 09:14:36 theranch >>>> postfix/smtpd[6094]: lost connection after AUTH from >>>> unknown[87.236.215.11] Nov 16 09:14:36 theranch > <snip> > # bzgrep -e 87.236.215.11 maillog | wc -l > 212 > > Three lines per hack. Make that 70 attempts. The stats line messes up > the line count. > First entry:Nov 16 09:13:45 > Last entry: Nov 16 09:18:00 > 255 seconds > 16.5 attempts a minute > 16 Attempts per second, yes this is a hack attempt. Protect yourself immediatly, even if he will surely need some (hundred of) thousands attempts to find a password. Another problem is that he is taking your bandwith. Patrick
