postfix unauthorised connection

Discussion in 'Installation/Configuration' started by pawan, Mar 2, 2013.

  1. pawan

    pawan New Member

    This type of lines appear frequently in mail.log

    Code:
    Mar 2 13:21:59 server1 postfix/smtpd[13724]: 327182100710: client=postwall04.smp.mweb.co.za[196.28.76.24]
    Mar 2 13:21:59 server1 postfix/smtpd[13724]: disconnect from postwall04.smp.mweb.co.za[196.28.76.24]
    Code:
    Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max connection rate 1/60s for (smtp:110.205.36.26) at Mar 2 13:23:23
    Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max connection count 1 for (smtp:110.205.36.26) at Mar 2 13:23:23
    Mar 2 13:31:58 server1 postfix/anvil[13741]: statistics: max message rate 1/60s for (smtp:196.28.76.24) at Mar 2 13:21:58
    How can I block such connections?
     
  2. florian030

    florian030 Member HowtoForge Supporter ISPConfig Developer

    You can add the IP to your firewall. I´m not sure how you can setup this with your shown log-entries. I use postfix with postscreen and add blocked IPs to the firewall using syslog-ng. This could be done also with rsyslog.
     
  3. pawan

    pawan New Member

    Thanks, I am using fail2ban.
    But no idea, what regex I should use to ban these occurrences.
     
  4. florian030

    florian030 Member HowtoForge Supporter ISPConfig Developer

    As mentioned above you can´t use these log-lines (just connect and disconnect) with fail2ban. Otherwise you will block EVERY connection. You better give postscreen a try.... http://blog.schaal-24.de/?p=661&lang=en
     
    Last edited: Mar 2, 2013
: postfix

Share This Page