On 18/04/21 7:32 pm, li...@lazygranch.com wrote:
And so it goes. I suppose if this really bugs me I can block the server
in firewalld. I've yet to see it actually deliver mail. Or complain to
the data center.
https://serveroffer.lt
Firewalling is definitely the best solution to the problem you're
having, because it will keep your mail logs clear of this sort of noise.
It can feel a bit like whack-a-mole though, and there are tools around
that help with this (although I don't personally have experience with
them), such as fail2ban?
Even if you choose to manage the firewall rules manually, I'd suggest
you devise some sort of regime where the rules you add aren't permanent.
E.g. I set a timestamp in the comment when I create the rule, and then
after 6 months if there is no current activity from that IP address I
delete the rule again. There are several reasons for doing this:
1. It stops the number of firewall rules growing indefinitely. (Each
rule has a cost in terms of processing.)
2. If the IP address gets reassigned to a legitimate user, you aren't
penalising them indefinitely for someone else's misbehaviour.
Nick.
P.S. Although it isn't suitable for use on your submission port (465 /
587), in case you aren't aware of it already, check out postscreen:
http://www.postfix.org/POSTSCREEN_README.html
