Question

Is this a spammer trying to access or just the system?

When I look at my syslog file I see the following lines nearly every 5 minutes. I don’t recognize the mentioned IP address. According to Whois it is something from Poland (not my country). What is happening here? And can I block it?

Jun  8 21:10:14 ubuntu-1gb-ams2-Nova postfix/anvil[24423]: statistics: max connection rate 1/60s for (smtp:193.189.117.151) at Jun  8 21:06:52
Jun  8 21:10:14 ubuntu-1gb-ams2-Nova postfix/anvil[24423]: statistics: max connection count 1 for (smtp:193.189.117.151) at Jun  8 21:06:52
Jun  8 21:10:14 ubuntu-1gb-ams2-Nova postfix/anvil[24423]: statistics: max cache size 1 at Jun  8 21:06:52
Jun  8 21:11:55 ubuntu-1gb-ams2-Nova postfix/smtpd[24621]: connect from unknown[193.189.117.151]
Jun  8 21:11:57 ubuntu-1gb-ams2-Nova postfix/smtpd[24621]: warning: unknown[193.189.117.151]: SASL LOGIN authentication failed: authentication failure
Jun  8 21:11:57 ubuntu-1gb-ams2-Nova postfix/smtpd[24621]: lost connection after AUTH from unknown[193.189.117.151]
Jun  8 21:11:57 ubuntu-1gb-ams2-Nova postfix/smtpd[24621]: disconnect from unknown[193.189.117.151]
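The lines above are the trace of a repeated SASL login probe: a host with no reverse DNS ("unknown"), one AUTH attempt per connection, then a dropped connection, every few minutes. The following is an added example (not part of the original question) that parses Postfix smtpd warnings of this shape, flags source IPs that fail authentication repeatedly within a sliding time window, and renders the result as Postfix access(5) table entries. The sample log text is constructed to mirror the question's excerpt; the second IP, the hostnames and the threshold values are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, modelled on the syslog excerpt in the question.
SAMPLE_SYSLOG = """\
Jun  8 21:11:55 ubuntu-1gb-ams2-Nova postfix/smtpd[24621]: connect from unknown[193.189.117.151]
Jun  8 21:11:57 ubuntu-1gb-ams2-Nova postfix/smtpd[24621]: warning: unknown[193.189.117.151]: SASL LOGIN authentication failed: authentication failure
Jun  8 21:11:57 ubuntu-1gb-ams2-Nova postfix/smtpd[24621]: lost connection after AUTH from unknown[193.189.117.151]
Jun  8 21:11:57 ubuntu-1gb-ams2-Nova postfix/smtpd[24621]: disconnect from unknown[193.189.117.151]
Jun  8 21:16:58 ubuntu-1gb-ams2-Nova postfix/smtpd[24650]: warning: unknown[193.189.117.151]: SASL LOGIN authentication failed: authentication failure
Jun  8 21:21:59 ubuntu-1gb-ams2-Nova postfix/smtpd[24702]: warning: unknown[193.189.117.151]: SASL LOGIN authentication failed: authentication failure
Jun  8 21:25:03 ubuntu-1gb-ams2-Nova postfix/smtpd[24740]: warning: mail.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
"""

# Matches the smtpd warning Postfix logs for a failed SASL authentication.
SASL_FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"warning: (?P<rdns>\S+)\[(?P<ip>[\d.]+)\]: SASL (?P<mech>\S+) authentication failed"
)


def parse_sasl_failures(syslog_text):
    """Return one (timestamp, ip, rdns, mechanism) tuple per failed SASL login."""
    events = []
    for line in syslog_text.splitlines():
        m = SASL_FAIL_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; strptime fills in 1900, which is
        # fine for ordering lines taken from a single log file.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append((ts, m.group("ip"), m.group("rdns"), m.group("mech")))
    return events


def flag_sources(events, threshold=3, window_minutes=30):
    """Return {ip: total_failures} for every IP that accumulates at least
    `threshold` failures inside some sliding window of `window_minutes`."""
    by_ip = defaultdict(list)
    for ts, ip, _rdns, _mech in events:
        by_ip[ip].append(ts)
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window start forward until it fits within `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(stamps)
                break
    return flagged


def access_map_lines(flagged, reason="repeated SASL authentication failures"):
    """Render flagged IPs as Postfix access(5) entries ("pattern ACTION text"),
    the format used by a check_client_access map (assumed deployment detail)."""
    return [f"{ip} REJECT {reason}" for ip in sorted(flagged)]


if __name__ == "__main__":
    evts = parse_sasl_failures(SAMPLE_SYSLOG)
    hits = flag_sources(evts, threshold=3, window_minutes=15)
    for line in access_map_lines(hits):
        print(line)
```

A single failure from a host with working reverse DNS (the constructed `mail.example.net` entry) stays below the threshold, while the source from the question crosses it after three failures ten minutes apart. The window and threshold are the knobs to tune against your own traffic before turning the output into a block list.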


I solved this issue by adding the line below:

smtpd_tls_auth_only = yes

in

/etc/postfix/main.cf

file. Then restart postfix:

service postfix restart
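What `smtpd_tls_auth_only = yes` changes is the AUTH gate: on a plaintext session smtpd no longer advertises AUTH in its EHLO reply and answers an AUTH command with a 530 instead of running a password check, so the probe from the question never gets to try a credential. The model below is an added illustration, not Postfix code and not part of this answer; its reply texts are modelled on the ones Postfix emits, but the state machine itself and the hostnames in it are assumptions for the example.

```python
import base64


class SmtpdAuthModel:
    """Toy model of the Postfix smtpd AUTH gate (an assumption for illustration,
    not Postfix source). Tracks only whether STARTTLS has completed and whether
    the client has sent EHLO since the last state change."""

    def __init__(self, tls_auth_only):
        self.tls_auth_only = tls_auth_only
        self.encrypted = False
        self.greeted = False

    def auth_offered(self):
        # AUTH is advertised and accepted on a plaintext session only when
        # smtpd_tls_auth_only = no; after STARTTLS it is always available.
        return self.encrypted or not self.tls_auth_only

    def handle(self, line):
        verb, _, _arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            self.greeted = True
            caps = ["250-mail.example.org"]          # assumed server name
            if not self.encrypted:
                caps.append("250-STARTTLS")
            if self.auth_offered():
                caps.append("250-AUTH PLAIN LOGIN")
            caps.append("250 8BITMIME")
            return "\r\n".join(caps)
        if verb == "STARTTLS":
            if self.encrypted:
                return "554 5.5.1 Error: TLS already active"
            self.encrypted = True
            self.greeted = False   # the client must EHLO again after the handshake
            return "220 2.0.0 Ready to start TLS"
        if verb == "AUTH":
            if not self.greeted:
                return "503 5.5.1 Error: send HELO/EHLO first"
            if not self.auth_offered():
                return "530 5.7.0 Must issue a STARTTLS command first"
            # No credential is checked in the model; a real server would now
            # continue the SASL exchange. The payload is base64("Username:").
            return "334 " + base64.b64encode(b"Username:").decode()
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "502 5.5.2 Error: command not recognized"


def run_session(tls_auth_only, commands):
    """Feed a scripted client to the model and return the reply codes."""
    server = SmtpdAuthModel(tls_auth_only)
    return [server.handle(cmd)[:3] for cmd in commands]


# The shape of the probe in the question's log: EHLO, AUTH LOGIN in the clear.
PLAINTEXT_AUTH = ["EHLO probe.invalid", "AUTH LOGIN", "QUIT"]
# A well-behaved mail client: EHLO, STARTTLS, EHLO again, then AUTH.
TLS_FIRST_AUTH = ["EHLO laptop.example.org", "STARTTLS",
                  "EHLO laptop.example.org", "AUTH LOGIN", "QUIT"]

if __name__ == "__main__":
    for setting in (False, True):
        print(f"smtpd_tls_auth_only = {'yes' if setting else 'no'}")
        print("  plaintext AUTH :", run_session(setting, PLAINTEXT_AUTH))
        print("  STARTTLS first :", run_session(setting, TLS_FIRST_AUTH))
```

With the setting off, the plaintext probe reaches the `334` challenge and a password is evaluated; with it on, the same probe gets `530` and the session is over before any credential is seen, while a client that negotiates STARTTLS first is unaffected. The setting does not stop the connections themselves from being logged, so the `connect from` lines will keep appearing until the source is blocked or rate-limited.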

Three years later, and I am going to be that guy who revives this thread :-)

I added the following entries to /etc/postfix/main.cf:

disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
     reject_non_fqdn_hostname,
     reject_invalid_hostname,
     permit
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
   permit
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Then restarted Postfix:

service postfix restart

Yes, that address shows up on several blacklists.