Guys, Hi!
I see in my mail.log file that this server (IP 185.125.4.197) tries to connect to my server. Here are some records from /var/log/syslog:
Apr 20 08:54:06 – postfix/smtpd[21689]: connect from unknown[185.125.4.197]
Apr 20 08:54:06 – postfix/smtpd[21689]: lost connection after AUTH from unknown[185.125.4.197]
Apr 20 08:54:06 – postfix/smtpd[21689]: disconnect from unknown[185.125.4.197]
Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max connection rate 1/60s for (smtp:185.125.4.197) at Apr 20 08:54:06
Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max connection count 1 for (smtp:185.125.4.197) at Apr 20 08:54:06
Apr 20 08:57:26 – postfix/anvil[21691]: statistics: max cache size 1 at Apr 20 08:54:06
The main question: should I worry about it? And could I make some changes in some config files to reject such unauthorized connections?
Thank you anyway!
A good starting point would be to set up Fail2Ban: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04 This guide shows you how to ban traffic via SSH, but you can also expand Fail2Ban with filters to help with SMTP: http://www.fail2ban.org/wiki/index.php/Sendmail
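
To make the idea behind such an SMTP filter concrete, here is an added example (not part of the original answer and not Fail2Ban's own code) of the matching logic: find Postfix "lost connection after AUTH" lines and flag IPs that repeat them inside a time window. The names `find_offenders`, `max_retry` and `find_time` are hypothetical, modelled on Fail2Ban's `maxretry`/`findtime` options; the hostname `mail`, the year and every log line except the three for 185.125.4.197 are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix smtpd line where a client dropped the session during AUTH.
AUTH_DROP = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?postfix/smtpd\[\d+\]: "
    r"lost connection after AUTH from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10), year=2024):
    """Map IP -> total AUTH drops, for IPs with max_retry drops inside find_time."""
    events = defaultdict(list)
    for line in lines:
        m = AUTH_DROP.match(line)
        if m:
            # Syslog timestamps carry no year; `year` is an assumption.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append(ts)
    offenders = {}
    for ip, stamps in events.items():
        stamps.sort()
        # Slide a window of max_retry consecutive events over the timeline.
        for i in range(len(stamps) - max_retry + 1):
            if stamps[i + max_retry - 1] - stamps[i] <= find_time:
                offenders[ip] = len(stamps)
                break
    return offenders

# Constructed sample: the single probe from the question, one burst, one slow repeat.
SAMPLE = """\
Apr 20 08:54:06 mail postfix/smtpd[21689]: connect from unknown[185.125.4.197]
Apr 20 08:54:06 mail postfix/smtpd[21689]: lost connection after AUTH from unknown[185.125.4.197]
Apr 20 08:54:06 mail postfix/smtpd[21689]: disconnect from unknown[185.125.4.197]
Apr 20 09:01:10 mail postfix/smtpd[21702]: lost connection after AUTH from unknown[203.0.113.7]
Apr 20 09:01:40 mail postfix/smtpd[21703]: lost connection after AUTH from unknown[203.0.113.7]
Apr 20 09:02:15 mail postfix/smtpd[21704]: lost connection after AUTH from unknown[203.0.113.7]
Apr 20 10:00:00 mail postfix/smtpd[21800]: lost connection after AUTH from unknown[198.51.100.9]
Apr 20 12:00:00 mail postfix/smtpd[21801]: lost connection after AUTH from unknown[198.51.100.9]
Apr 20 14:00:00 mail postfix/smtpd[21802]: lost connection after AUTH from unknown[198.51.100.9]
""".splitlines()

if __name__ == "__main__":
    for ip, count in find_offenders(SAMPLE).items():
        print(f"{ip}: {count} AUTH drops, ban candidate")
```

With the default threshold, a single dropped AUTH like the one in the question is not flagged; only the burst from the constructed address 203.0.113.7 is.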