Author Topic: Unauthorized Access Attempt  (Read 1815 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Unauthorized Access Attempt
« on: October 07, 2019, 07:33:21 PM »
I had to reinstall my server recently, and after setting it up, I've been getting this alert message in my email:


Message tittle: lfd on MyDomain": blocked 46.38.144.179 (IR/Iran/-)

Time:     Wed Oct  2 10:08:03 2019 -0300
IP:       46.38.144.179 (IR/Iran/-)
Failures: 5 (smtpauth)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SMTPAUTH]

Log entries:

Oct  2 10:05:47 svr1 postfix/smtpd[58153]: warning: unknown[46.38.144.179]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct  2 10:06:19 svr1 postfix/smtpd[58153]: warning: unknown[46.38.144.179]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct  2 10:06:51 svr1 postfix/smtpd[58153]: warning: unknown[46.38.144.179]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct  2 10:07:25 svr1 postfix/smtpd[58153]: warning: unknown[46.38.144.179]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct  2 10:08:01 svr1 postfix/smtpd[58153]: warning: unknown[46.38.144.179]: SASL LOGIN authentication failed: UGFzc3dvcmQ6


This message I have been receiving once or twice a day.
As far as I am concerned, this means that someone tried to access my email server several times, or even made a BruteForce and the server blocked it.

Now the question: Is there a way to block ips addresses from outside my country (Brazil), ie allow access to the panel and login to the email server only the ips of my country?