#1  
Old 2nd March 2013, 09:16
pawan pawan is offline
Senior Member
 
Join Date: Jul 2010
Posts: 222
Thanks: 44
Thanked 6 Times in 6 Posts
Default postfix unauthorised connection

This type of lines appear frequently in mail.log

Code:
Mar 2 13:21:59 server1 postfix/smtpd[13724]: 327182100710: client=postwall04.smp.mweb.co.za[196.28.76.24]
Mar 2 13:21:59 server1 postfix/smtpd[13724]: disconnect from postwall04.smp.mweb.co.za[196.28.76.24]
Code:
Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max connection rate 1/60s for (smtp:110.205.36.26) at Mar 2 13:23:23
Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max connection count 1 for (smtp:110.205.36.26) at Mar 2 13:23:23
Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max message rate 1/60s for (smtp:196.28.76.24) at Mar 2 13:21:58
How can I block such connections?
Reply With Quote
Sponsored Links
  #2  
Old 2nd March 2013, 12:32
florian030 florian030 is offline
Senior Member
 
Join Date: Oct 2012
Posts: 229
Thanks: 8
Thanked 62 Times in 53 Posts
Default

You can add the IP to your firewall. Im not sure how you can setup this with your shown log-entries. I use postfix with postscreen and add blocked IPs to the firewall using syslog-ng. This could be done also with rsyslog.
__________________
regards
Florian

blog.schaal-24.de
Reply With Quote
  #3  
Old 2nd March 2013, 13:41
pawan pawan is offline
Senior Member
 
Join Date: Jul 2010
Posts: 222
Thanks: 44
Thanked 6 Times in 6 Posts
Default

Thanks, I am using fail2ban.
But no idea, what regex I should use to ban these occurrences.
Reply With Quote
  #4  
Old 2nd March 2013, 13:53
florian030 florian030 is offline
Senior Member
 
Join Date: Oct 2012
Posts: 229
Thanks: 8
Thanked 62 Times in 53 Posts
 
Default

As mentioned above you cant use these log-lines (just connect and disconnect) with fail2ban. Otherwise you will block EVERY connection. You better give postscreen a try.... http://blog.schaal-24.de/?p=661&lang=en
__________________
regards
Florian

blog.schaal-24.de

Last edited by florian030; 2nd March 2013 at 13:56.
Reply With Quote
Reply

Bookmarks

Tags
postfix

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting Email Working ISPConfig3 Squirrelmail and Courier etc Ian Wilson Installation/Configuration 17 19th June 2013 22:58
Postfix and Dovecot continuous problems keen Server Operation 24 17th July 2012 16:50
Combination of postfix and courier failing Xaymar Server Operation 3 7th March 2012 17:28
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 17:39
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47


All times are GMT +2. The time now is 02:30.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.