Question

Re IP 185.125.4.197: How to reject such connections

Guys, Hi!

I see in my mail.log file there this server (IP 185.125.4.197) try to connect my server. There are some records from /var/log/syslog Apr 20 08:54:06 – postfix/smtpd[21689]: connect from unknown[185.125.4.197] Apr 20 08:54:06 – postfix/smtpd[21689]: lost connection after AUTH from unknown[185.125.4.197] Apr 20 08:54:06 – postfix/smtpd[21689]: disconnect from unknown[185.125.4.197] Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max connection rate 1/60s for (smtp:185.125.4.197) at Apr 20 08:54:06 Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max connection count 1 for (smtp:185.125.4.197) at Apr 20 08:54:06 Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max cache size 1 at Apr 20 08:54:06

The main question should I worry aboit it? And could I make some changes in some config files to reject such non-authorize connections.

Thank you anyway!

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

A good starting point would be to setup Fail2Ban: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04 This guide shows you how to ban traffic via SSH, but you can also expand Fail2Ban with filters to help with SMTP: http://www.fail2ban.org/wiki/index.php/Sendmail