hello,
---
Right in the middle instead of just a file!
On 2020-10-08 11:54, Zsombor B wrote:
Just set up fail2ban, it will take care of this.
Quote (li...@lazygranch.com):
Is there something I should be doing to mitigate this problem?
Oct 8 02:11:42 myserver postfix/smtpd[11630]: connect from
unknown[180.123.163.212]
Oct 8 02:11:43 myserver postfix/smtpd[11632]: connect from
unknown[180.123.163.212]
Oct 8 02:11:43 myserver postfix/smtpd[11632]: lost connection after
EHLO from unknown[180.123.163.212]
Oct 8 02:11:43 myserver postfix/smtpd[11632]: disconnect from
unknown[180.123.163.212] ehlo=1 commands=1
Oct 8 02:11:44 myserver postfix/smtpd[11632]: connect from
unknown[180.123.163.212]
Oct 8 02:11:45 myserver postfix/smtpd[11632]: lost connection after
EHLO from unknown[180.123.163.212]
Oct 8 02:11:45 myserver postfix/smtpd[11632]: disconnect from
unknown[180.123.163.212] ehlo=1 commands=1
Oct 8 02:11:45 myserver postfix/smtpd[11632]: connect from
unknown[180.123.163.212]
Oct 8 02:11:46 myserver postfix/smtpd[11632]: lost connection after
EHLO from unknown[180.123.163.212]
Oct 8 02:11:46 myserver postfix/smtpd[11632]: disconnect from
unknown[180.123.163.212] ehlo=1 commands=1
Oct 8 02:11:46 myserver postfix/smtpd[11630]: lost connection after
CONNECT from unknown[180.123.163.212]
Oct 8 02:11:46 myserver postfix/smtpd[11630]: disconnect from
unknown[180.123.163.212] commands=0/0
Oct 8 02:11:46 myserver postfix/smtpd[11632]: connect from
unknown[180.123.163.212]
Oct 8 02:11:47 myserver postfix/smtpd[11632]: lost connection after
EHLO from unknown[180.123.163.212]
Oct 8 02:11:47 myserver postfix/smtpd[11632]: disconnect from
unknown[180.123.163.212] ehlo=1 commands=1
Oct 8 02:11:47 myserver postfix/smtpd[11630]: connect from
unknown[180.123.163.212]
Oct 8 02:11:48 myserver postfix/smtpd[11630]: lost connection after
EHLO from unknown[180.123.163.212]
Oct 8 02:11:48 myserver postfix/smtpd[11630]: disconnect from
unknown[180.123.163.212] ehlo=1 commands=1
Oct 8 02:11:48 myserver postfix/smtpd[11632]: connect from
unknown[180.123.163.212]
Oct 8 02:11:48 myserver postfix/smtpd[11632]: lost connection after
EHLO from unknown[180.123.163.212]
Oct 8 02:11:48 myserver postfix/smtpd[11632]: disconnect from
unknown[180.123.163.212] ehlo=1 commands=1
Oct 8 02:11:50 myserver postfix/smtpd[11630]: connect from
unknown[180.123.163.212]
Oct 8 02:11:53 myserver postfix/smtpd[11630]: lost connection after
EHLO from unknown[180.123.163.212]
Oct 8 02:11:53 myserver postfix/smtpd[11630]: disconnect from
unknown[180.123.163.212] ehlo=1 commands=1
Oct 8 02:11:54 myserver postfix/smtpd[11632]: connect from
unknown[180.123.163.212]
Oct 8 02:11:54 myserver postfix/smtpd[11632]: lost connection after
EHLO from unknown[180.123.163.212]
Oct 8 02:11:54 myserver postfix/smtpd[11632]: disconnect from
unknown[180.123.163.212] ehlo=1 commands=1
Oct 8 02:11:54 myserver postfix/smtpd[11630]: connect from
unknown[180.123.163.212]
Oct 8 02:11:55 myserver postfix/smtpd[11630]: lost connection after
EHLO from unknown[180.123.163.212]
Oct 8 02:11:55 myserver postfix/smtpd[11630]: disconnect from
unknown[180.123.163.212] ehlo=1 commands=1
Oct 8 02:11:55 myserver postfix/smtpd[11632]: connect from
unknown[180.123.163.212]
Oct 8 02:11:55 myserver postfix/smtpd[11632]: warning: Connection
rate limit exceeded: 11 from unknown[180.123.163.212] for service smtp
Oct 8 02:11:55 myserver postfix/smtpd[11632]: disconnect from
unknown[180.123.163.212] commands=0/0
Oct 8 02:11:55 myserver postfix/smtpd[11630]: connect from
unknown[180.123.163.212]
Oct 8 02:11:55 myserver postfix/smtpd[11630]: warning: Connection
rate limit exceeded: 12 from unknown[180.123.163.212] for service smtp
Oct 8 02:11:55 myserver postfix/smtpd[11630]: disconnect from
unknown[180.123.163.212] commands=0/0
Oct 8 02:15:15 myserver postfix/anvil[11633]: statistics: max
connection rate 12/60s for (smtp:180.123.163.212) at Oct 8 02:11:55
Oct 8 02:15:15 myserver postfix/anvil[11633]: statistics: max
connection count 2 for (smtp:180.123.163.212) at Oct 8 02:11:43
Oct 8 02:15:15 myserver postfix/anvil[11633]: statistics: max cache
size 1 at Oct 8 02:11:42
-------------------------------------
postconf mail_version
mail_version = 3.5.7
------------------------------------
smtpd_client_auth_rate_limit = 20
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 10
smtpd_client_new_tls_session_rate_limit = 3
smtpd_client_recipient_rate_limit = 40
smtpd_client_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination,
check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
reject_unknown_reverse_client_hostname, check_client_access
hash:/etc/postfix/spamsources
smtpd_error_sleep_time = 2s
smtpd_hard_error_limit = 6
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893
smtpd_recipient_limit = 20
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination,
reject_unauth_pipelining, reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_non_fqdn_recipient, check_client_access
hash:/etc/postfix/client_checks, check_sender_access
hash:/etc/postfix/sender_checks, reject_rbl_client bl.spamcop.net,
reject_rbl_client b.barracudacentral.org, reject_rbl_client
cbl.abuseat.org, reject_rbl_client rabl.nuclearelephant.com,
reject_rbl_client zen.spamhaus.org, check_policy_service
unix:private/policy
smtpd_relay_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination, check_policy_service
unix:private/policy
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination, reject_unknown_address,
check_sender_access hash:/etc/postfix/spamsources
smtpd_soft_error_limit = 3
on some servers i limit this with iptables.
with "shorewall" it is easy to configure.
i limit the connects per second for each unique ip.
this works well. of course you can also do it with iptables standalone if
you speak iptablish :-)
greets marko
---------
Linux 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC
2020 x86_64 x86_64 x86_64 GNU/Linux
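
Added example (not part of the thread, and not fail2ban's or Postfix's own code): a sketch of the per-IP counting that a log-based banner such as fail2ban performs on entries like the ones quoted above, using its maxretry/findtime idea. The function name, thresholds, year and the sample log (unwrapped lines, documentation addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the thread's log format, one entry per line as syslog
# writes it. 203.0.113.7 and 198.51.100.20 are documentation addresses.
SAMPLE_LOG = """\
Oct 8 02:11:43 myserver postfix/smtpd[11632]: connect from unknown[203.0.113.7]
Oct 8 02:11:43 myserver postfix/smtpd[11632]: lost connection after EHLO from unknown[203.0.113.7]
Oct 8 02:11:45 myserver postfix/smtpd[11632]: lost connection after EHLO from unknown[203.0.113.7]
Oct 8 02:11:46 myserver postfix/smtpd[11630]: lost connection after CONNECT from unknown[203.0.113.7]
Oct 8 02:11:47 myserver postfix/smtpd[11632]: lost connection after EHLO from unknown[203.0.113.7]
Oct 8 02:11:48 myserver postfix/smtpd[11630]: lost connection after EHLO from unknown[203.0.113.7]
Oct 8 02:12:10 myserver postfix/smtpd[11640]: lost connection after EHLO from mail.example.org[198.51.100.20]
Oct 8 02:15:30 myserver postfix/smtpd[11641]: lost connection after EHLO from mail.example.org[198.51.100.20]
"""

# Only sessions dropped before any mail transaction count as a hit.
LOST_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"lost connection after (?:CONNECT|EHLO) from \S+\[(?P<ip>[0-9A-Fa-f:.]+)\]"
)

def find_offenders(log_text, maxretry=5, findtime=60, year=2020):
    """Return {ip: time of the hit that reached maxretry within findtime seconds}.

    Assumes chronological input; syslog timestamps carry no year, so one is supplied.
    """
    window = timedelta(seconds=findtime)
    hits = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = LOST_RE.match(line)
        if not m:
            continue            # plain connect/disconnect lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = hits[m["ip"]]
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()    # forget hits older than findtime
        if len(recent) >= maxretry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```

The addresses returned are the ones a ban action (a fail2ban jail, or a firewall rule of the kind mentioned above) would act on; a client that drops two sessions minutes apart stays below the threshold.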