Question

Re IP 185.125.4.197: How to reject such connections

Guys, Hi!

I see in my mail.log file there this server (IP 185.125.4.197) try to connect my server. There are some records from /var/log/syslog Apr 20 08:54:06 – postfix/smtpd[21689]: connect from unknown[185.125.4.197] Apr 20 08:54:06 – postfix/smtpd[21689]: lost connection after AUTH from unknown[185.125.4.197] Apr 20 08:54:06 – postfix/smtpd[21689]: disconnect from unknown[185.125.4.197] Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max connection rate 1/60s for (smtp:185.125.4.197) at Apr 20 08:54:06 Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max connection count 1 for (smtp:185.125.4.197) at Apr 20 08:54:06 Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max cache size 1 at Apr 20 08:54:06

The main question should I worry aboit it? And could I make some changes in some config files to reject such non-authorize connections.

Thank you anyway!


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

A good starting point would be to setup Fail2Ban: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04 This guide shows you how to ban traffic via SSH, but you can also expand Fail2Ban with filters to help with SMTP: http://www.fail2ban.org/wiki/index.php/Sendmail