On 2016.11.27 20.43, li...@lazygranch.com wrote: > I should have mentioned the mail system is on a VPS and I'm the only > user. And yes, trouble makers are on the Internet.
well, this simplifies things quite of bit, of course. > What lead me to this was I did bzgrep "max auth" and noticed both > smtp and submission was found. i hope you're not offering smtp auth on port 25. (max auth as in checking anvil rate > limiting). Since I'm the only person that should (we hope) have valid > usernames and passwords, blocking the port from the internet trouble > makers make sense if there is no legitimate reason for others to > use the port. > > My blocking list of trouble makers is self generated, so I won't be > on it. > > I do think servers hammering 587 is odd, but I noticed I get about > two a day. And these are just when rate limiting come in. I suppose > they could be misconfigured servers. more likely, it's just compromised devices in general, which may or may not include servers.
