On Wed, Oct 07, 2020 at 08:02:02PM -0700, li...@lazygranch.com wrote: > Is there something I should be doing to mitigate this problem? > > Oct 8 02:11:42 myserver postfix/smtpd[11630]: connect from > unknown[180.123.163.212]
Were you expecting email from the below network? If not, you don't need to worry about bots checking out your MTA. [ Not all bots are bad, my DANE survey bot will connect to your MX hosts ~once a day to each MX host IP address (for those MX hosts that have DANE TLSA records), but it will politely send "QUIT" after STARTTLS[1] and a post-TLS EHLO. ] inetnum: 180.96.0.0 - 180.127.255.255 netname: CHINANET-JS descr: Chinanet Jiangsu Province Network descr: China Telecom descr: No.31,jingrong street descr: Beijing 100032 country: CN admin-c: CH93-AP tech-c: CJ186-AP remarks: service provider status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-JS last-modified: 2016-05-04T00:18:52Z source: APNIC mnt-irt: IRT-CHINANET-CN irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: anti-s...@ns.chinanet.cn.net abuse-mailbox: anti-s...@ns.chinanet.cn.net admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered mnt-by: MAINT-CHINANET last-modified: 2010-11-15T00:31:55Z source: APNIC role: CHINANET JIANGSU address: 260 Zhongyang Road,Nanjing 210037 country: CN phone: +86-25-86588231 phone: +86-25-86588745 fax-no: +86-25-86588104 e-mail: jsab...@189.cn remarks: send anti-spam reports to jsab...@189.cn remarks: send abuse reports to jsab...@189.cn remarks: times in GMT+8 remarks: www.jsinfo.net admin-c: CH360-AP tech-c: CS306-AP tech-c: CN142-AP nic-hdl: CJ186-AP notify: jsab...@189.cn mnt-by: MAINT-CHINANET-JS last-modified: 2020-04-02T09:18:02Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: anti-s...@ns.chinanet.cn.net address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2014-02-27T03:37:38Z source: APNIC -- Viktor. [1] https://stats.dnssec-tools.org/about.html If so, you'll see log entries like: Oct 7 15:23:51 amnesiac postfix/smtpd[94878]: connect from dnssec-stats.ant.isi.edu[128.9.29.254] Oct 7 15:23:52 amnesiac postfix/smtpd[94878]: Anonymous TLS connection established from dnssec-stats.ant.isi.edu[128.9.29.254]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 Oct 7 15:23:52 amnesiac postfix/smtpd[94878]: disconnect from dnssec-stats.ant.isi.edu[128.9.29.254] ehlo=2 starttls=1 quit=1 commands=4 Oct 7 15:23:53 amnesiac postfix/smtpd[94878]: connect from dnssec-stats.ant.isi.edu[2001:1878:401::8009:1dfe] Oct 7 15:23:54 amnesiac postfix/smtpd[94878]: Anonymous TLS connection established from dnssec-stats.ant.isi.edu[2001:1878:401::8009:1dfe]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 Oct 7 15:23:54 amnesiac postfix/smtpd[94878]: disconnect from dnssec-stats.ant.isi.edu[2001:1878:401::8009:1dfe] ehlo=2 starttls=1 quit=1 commands=4