Hi All,
I tried everything by fine-tuning the main.cf file of postfix. Also, CSF has been configured correctly. But my maillog is growing fast… A LOT of connections to send emails to <random characters>@160bpm.com. What can I do to block those connections? Manually blocking the IP number in CSF.deny is a "not done" action, I think?
Here is part of the maillog:
Apr 18 15:15:50 vps postfix/smtpd[7169]: Anonymous TLS connection established from mail.herontower.com[217.150.111.82]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 18 15:15:50 vps postfix/smtpd[7197]: setting up TLS connection from ao.openspace.org[69.12.175.114]
Apr 18 15:15:50 vps postfix/smtpd[7169]: NOQUEUE: reject: RCPT from mail.herontower.com[217.150.111.82]: 454 4.1.1 B7C92406@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=B7C92406@160bpm.com proto=ESMTP helo=<mail.herontower.com>
Apr 18 15:15:50 vps postfix/smtpd[7169]: disconnect from mail.herontower.com[217.150.111.82]
Apr 18 15:15:50 vps postfix/smtpd[7197]: Anonymous TLS connection established from ao.openspace.org[69.12.175.114]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 18 15:15:51 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from ao.openspace.org[69.12.175.114]: 454 4.1.1 819191B48@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=819191B48@160bpm.com proto=ESMTP helo=<mail.openspace.org>
Apr 18 15:15:51 vps postfix/smtpd[7197]: disconnect from ao.openspace.org[69.12.175.114]
Apr 18 15:15:53 vps postfix/smtpd[7178]: connect from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]
Apr 18 15:15:53 vps postfix/smtpd[7178]: setting up TLS connection from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]
Apr 18 15:15:53 vps postfix/smtpd[7178]: Anonymous TLS connection established from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 18 15:15:53 vps postfix/smtpd[7140]: connect from Exch1.3nerds.net[69.65.19.12]
Apr 18 15:15:54 vps postfix/smtpd[7140]: setting up TLS connection from Exch1.3nerds.net[69.65.19.12]
Apr 18 15:15:54 vps postfix/smtpd[7178]: NOQUEUE: reject: RCPT from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]: 454 4.1.1 C1AC079@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=C1AC079@160bpm.com proto=ESMTP helo=<mail.nementis.eu>
Apr 18 15:15:54 vps postfix/smtpd[7140]: Anonymous TLS connection established from Exch1.3nerds.net[69.65.19.12]: TLSv1 with cipher RC4-SHA (128/128 bits)
Apr 18 15:15:54 vps postfix/smtpd[7178]: disconnect from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]
Apr 18 15:15:54 vps postfix/smtpd[7140]: NOQUEUE: reject: RCPT from Exch1.3nerds.net[69.65.19.12]: 454 4.1.1 4701728@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=4701728@160bpm.com proto=ESMTP helo=<Exch1.3nerds.net>
Apr 18 15:15:55 vps postfix/smtpd[7140]: disconnect from Exch1.3nerds.net[69.65.19.12]
Apr 18 15:15:55 vps postfix/smtpd[7197]: connect from mail.helvetasnepal.org.np[202.79.37.43]
Apr 18 15:15:55 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from mail.helvetasnepal.org.np[202.79.37.43]: 454 4.7.1 Service unavailable; Client host [202.79.37.43] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?202.79.37.43; from=<> to=4A2DF69565@160bpm.com proto=ESMTP helo=<PO-MAIL.helvetas.org.np>
Apr 18 15:15:56 vps postfix/smtpd[7197]: disconnect from mail.helvetasnepal.org.np[202.79.37.43]
Apr 18 15:15:56 vps postfix/smtpd[7178]: connect from mail.vapco.net[80.90.161.212]
Apr 18 15:15:56 vps postfix/smtpd[7178]: setting up TLS connection from mail.vapco.net[80.90.161.212]
Apr 18 15:15:57 vps postfix/smtpd[7197]: connect from mail.belgoflor.be[91.183.44.224]
Apr 18 15:15:57 vps postfix/smtpd[7197]: setting up TLS connection from mail.belgoflor.be[91.183.44.224]
Apr 18 15:15:57 vps postfix/smtpd[7197]: Anonymous TLS connection established from mail.belgoflor.be[91.183.44.224]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 18 15:15:57 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from mail.belgoflor.be[91.183.44.224]: 454 4.1.1 E8041FC@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=E8041FC@160bpm.com proto=ESMTP helo=<mail.belgoflor.be>
Apr 18 15:15:57 vps postfix/smtpd[7197]: disconnect from mail.belgoflor.be[91.183.44.224]
What's your main.cf look like in terms of mynetworks and mydestinations?

http://www.postfix.org/postconf.5.html#mynetworks

http://www.postfix.org/postconf.5.html#mydestination
I had added some new restrictions, but they didn't work well… I have filtered the log for IPs that came back multiple times. I have manually blocked such an IP in csf.deny with the comment # do not delete
Now there is less traffic; CSF blocks the IP before it gets to Postfix.

I'm working on getting these 2 restrictions to work:
# reject_unknown_helo_hostname,
# reject_invalid_helo_hostname,
But when I enable these I can't send emails out either.
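The log filtering described in the comment above, as an added example that is not part of the original thread: it tallies null-sender (from=<>) rejects for unknown recipients per client IP and lists the IPs that keep coming back. The sample lines are constructed in the same format as the maillog excerpt (documentation IP ranges, example.org recipients), and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Matches Postfix smtpd RCPT rejects in the format shown in the question.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)> to=<?(?P<rcpt>[^>\s]+)>?"
)

# Constructed sample input, not real traffic.
_UNKNOWN = ("Apr 18 15:15:5{n} vps postfix/smtpd[7169]: NOQUEUE: reject: RCPT from "
            "{host}[{ip}]: 454 4.1.1 {rcpt}: Recipient address rejected: User unknown "
            "in virtual mailbox table; from=<> to={rcpt} proto=ESMTP helo=<{host}>")
SAMPLE_LOG = "\n".join([
    _UNKNOWN.format(n=0, host="mx1.example.net", ip="192.0.2.10", rcpt="B7C92406@example.org"),
    _UNKNOWN.format(n=1, host="mx1.example.net", ip="192.0.2.10", rcpt="819191B48@example.org"),
    "Apr 18 15:15:51 vps postfix/smtpd[7169]: disconnect from mx1.example.net[192.0.2.10]",
    _UNKNOWN.format(n=2, host="mx2.example.net", ip="198.51.100.7", rcpt="C1AC079@example.org"),
    _UNKNOWN.format(n=3, host="mx1.example.net", ip="192.0.2.10", rcpt="4701728@example.org"),
    "Apr 18 15:15:55 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from "
    "mx3.example.net[203.0.113.5]: 454 4.7.1 Service unavailable; Client host "
    "[203.0.113.5] blocked using dnsbl.sorbs.net; Currently Sending Spam; "
    "from=<> to=4A2DF69565@example.org proto=ESMTP helo=<mx3.example.net>",
])

def parse_rejects(log_text):
    """Yield one dict per smtpd RCPT reject line; all other lines are skipped."""
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            yield m.groupdict()

def backscatter_by_ip(log_text):
    """Count rejects per client IP where the sender is null (from=<>) and the
    recipient is unknown. DNSBL rejects are left out: they are already handled."""
    counts = Counter()
    for r in parse_rejects(log_text):
        if r["sender"] == "" and "User unknown" in r["reason"]:
            counts[r["ip"]] += 1
    return counts

def repeat_offenders(log_text, min_rejects=3):
    """Client IPs at or above the threshold, most active first."""
    return [(ip, n) for ip, n in backscatter_by_ip(log_text).most_common()
            if n >= min_rejects]

if __name__ == "__main__":
    for ip, n in repeat_offenders(SAMPLE_LOG):
        print(f"{ip}\t{n} null-sender rejects for unknown recipients")
```

Run against the real maillog, the returned list is the candidate set for csf.deny that the comment above built by hand.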
Alex: Thank you… I will read this site. Then I will solve my problem, I guess… otherwise I'm back here… If solved I will commend a new post: SOLVED
Here is a good start when it comes to postfix security: http://www.postfix.org/SMTPD_ACCESS_README.html