By Vladislav
Guys, Hi!
I see in my mail.log file there this server (IP 185.125.4.197) try to connect my server. There are some records from /var/log/syslog Apr 20 08:54:06 – postfix/smtpd[21689]: connect from unknown[185.125.4.197] Apr 20 08:54:06 – postfix/smtpd[21689]: lost connection after AUTH from unknown[185.125.4.197] Apr 20 08:54:06 – postfix/smtpd[21689]: disconnect from unknown[185.125.4.197] Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max connection rate 1/60s for (smtp:185.125.4.197) at Apr 20 08:54:06 Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max connection count 1 for (smtp:185.125.4.197) at Apr 20 08:54:06 Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max cache size 1 at Apr 20 08:54:06
The main question should I worry aboit it? And could I make some changes in some config files to reject such non-authorize connections.
Thank you anyway!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
A good starting point would be to setup Fail2Ban: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04 This guide shows you how to ban traffic via SSH, but you can also expand Fail2Ban with filters to help with SMTP: http://www.fail2ban.org/wiki/index.php/Sendmail
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.