Control Web Panel
Topic started by: gailclark80 on February 28, 2022, 02:29:00 AM
-
The maillog keeps recording the following errors, and the maillog file has exceeded 50M. I found that 5.34.207.56 and 5.34.205.98 are located in Iran; obviously, my server is under attack.
I tried to block these two IPs according to https://wiki.centos-webpanel.com/postfix-blacklist-domain-or-ip: I created sender_blacklist and executed postmap /etc/postfix/sender_blacklist, but the maillog continues to record these errors.
How can I fix it?
Feb 28 02:20:05 postfix/smtpd[19178]: connect from unknown[5.34.207.56]
Feb 28 02:20:05 postfix/smtpd[18173]: disconnect from unknown[5.34.207.56] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 28 02:20:06 postfix/smtpd[15770]: warning: unknown[5.34.205.98]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb 28 02:20:06 postfix/smtpd[15770]: disconnect from unknown[5.34.205.98] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 28 02:20:08 postfix/smtpd[18548]: connect from unknown[5.34.205.98]
Feb 28 02:20:10 postfix/smtpd[18173]: connect from unknown[5.34.207.56]
Feb 28 02:20:11 postfix/smtpd[17156]: warning: unknown[5.34.207.56]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb 28 02:20:11 postfix/smtpd[17156]: disconnect from unknown[5.34.207.56] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 28 02:20:14 postfix/smtpd[19184]: warning: unknown[5.34.207.56]: SASL LOGIN authentication failed: Connection lost to authentication server
Feb 28 02:20:14 postfix/smtpd[17156]: connect from unknown[5.34.207.56]
Feb 28 02:20:15 postfix/smtpd[19184]: disconnect from unknown[5.34.207.56] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 28 02:20:18 postfix/smtpd[19178]: warning: unknown[5.34.207.56]: SASL LOGIN authentication failed: Connection lost to authentication server
Feb 28 02:20:19 postfix/smtpd[19178]: disconnect from unknown[5.34.207.56] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 28 02:20:19 postfix/smtpd[19184]: connect from unknown[5.34.207.56]
Feb 28 02:20:23 postfix/smtpd[18173]: warning: unknown[5.34.207.56]: SASL LOGIN authentication failed: Connection lost to authentication server
Feb 28 02:20:24 postfix/smtpd[19178]: connect from unknown[5.34.207.56]
Feb 28 02:20:24 postfix/smtpd[18173]: disconnect from unknown[5.34.207.56] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
-
Welcome to owning a server. Use CSF firewall to block the two IPs. Set up automatic blocks on 4-5 failed logins.
-
You should use search before posting.
http://forum.centos-webpanel.com/index.php?action=search2;params=eJwtjzFuwzAMRe_SpcsbTFGS7Qu0c4bMhiMJSAInLhQnQQofvnSRjXx8JD7H_BivqeT1c23Wj_VQt8oJDtfiHNIhPYonNGgkEFFBO4IQHEFxiqk9HT7gI75De3q8TQPBdlqkwZtpisfZIYcqanqDCGKtCXbQoyYr4pGARKS1VLfj_BzSfPmZylIs34buh3NJyzBfp9ebzHWxqpap_L_0RkM-VcO53NJGyljT0fr999dv0vxIl138A0IvSbk.
-
Now that you know that this is what happens when owning a mail server, the next piece of information is that Fail2ban easily bans such attempts.
As an example, since Nov. 2020 and until now, my server has banned around 350 IPs just for this specific attempt.
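
The threshold rule suggested in the replies (block a client after 4-5 failed logins, as Fail2ban does) can be sketched as follows; this is an added example, not part of the thread and not Fail2ban's or CSF's own code. The names `offenders`, `max_retry` and `find_time`, and the 600-second window, are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches Postfix smtpd SASL failure warnings. The syslog hostname field is
# optional because the lines quoted in the thread omit it.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?postfix/smtpd\[\d+\]: warning: "
    r"\S+\[([^\]]+)\]: SASL \w+ authentication failed"
)

def offenders(lines, max_retry=4, find_time=600, year=2022):
    """Return {ip: time the threshold was reached} for clients with at least
    max_retry SASL failures inside any find_time-second window."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # connect/disconnect lines carry no failure
        # syslog timestamps have no year, so one is supplied explicitly
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # drop failures that aged out of the window
        if len(hits) >= max_retry and ip not in flagged:
            flagged[ip] = when
    return flagged

# Sample input: lines copied from the maillog excerpt in the first post.
SAMPLE = """\
Feb 28 02:20:05 postfix/smtpd[19178]: connect from unknown[5.34.207.56]
Feb 28 02:20:06 postfix/smtpd[15770]: warning: unknown[5.34.205.98]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb 28 02:20:11 postfix/smtpd[17156]: warning: unknown[5.34.207.56]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb 28 02:20:14 postfix/smtpd[19184]: warning: unknown[5.34.207.56]: SASL LOGIN authentication failed: Connection lost to authentication server
Feb 28 02:20:18 postfix/smtpd[19178]: warning: unknown[5.34.207.56]: SASL LOGIN authentication failed: Connection lost to authentication server
Feb 28 02:20:23 postfix/smtpd[18173]: warning: unknown[5.34.207.56]: SASL LOGIN authentication failed: Connection lost to authentication server
""".splitlines()

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{ip} reached the threshold at {when:%b %d %H:%M:%S}")
```

The returned addresses are the ones a firewall rule or ban action would then be applied to; the single failure from 5.34.205.98 in this excerpt stays below the threshold.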
-
Thank you very much @rcschaff,
Your suggestion is very helpful.
I have been in this bad situation for months; at last I found your best suggestion.
Thanks again.
-
Can you tell me how you applied it?