Hi All,
Did try everything by fine-tine the main.cf file of postfix. Also CSF has been configured correct. But my maillog is growing fast… LOT of connections to send emails to <random characters>@160bpm.com. What can i do to block those connections? Manual blocking the IP number in CSF.deny is a not done action i think?
Here part of the maillog:
Apr 18 15:15:50 vps postfix/smtpd[7169]: Anonymous TLS connection established from mail.herontower.com[217.150.111.82]: TLSv1 with cipher AES128-SHA (128/128 bits) Apr 18 15:15:50 vps postfix/smtpd[7197]: setting up TLS connection from ao.openspace.org[69.12.175.114] Apr 18 15:15:50 vps postfix/smtpd[7169]: NOQUEUE: reject: RCPT from mail.herontower.com[217.150.111.82]: 454 4.1.1 B7C92406@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=B7C92406@160bpm.com proto=ESMTP helo=<mail.herontower.com> Apr 18 15:15:50 vps postfix/smtpd[7169]: disconnect from mail.herontower.com[217.150.111.82] Apr 18 15:15:50 vps postfix/smtpd[7197]: Anonymous TLS connection established from ao.openspace.org[69.12.175.114]: TLSv1 with cipher AES128-SHA (128/128 bits) Apr 18 15:15:51 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from ao.openspace.org[69.12.175.114]: 454 4.1.1 819191B48@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=819191B48@160bpm.com proto=ESMTP helo=<mail.openspace.org> Apr 18 15:15:51 vps postfix/smtpd[7197]: disconnect from ao.openspace.org[69.12.175.114] Apr 18 15:15:53 vps postfix/smtpd[7178]: connect from static-82-85-239-64.clienti.tiscali.it[82.85.239.64] Apr 18 15:15:53 vps postfix/smtpd[7178]: setting up TLS connection from static-82-85-239-64.clienti.tiscali.it[82.85.239.64] Apr 18 15:15:53 vps postfix/smtpd[7178]: Anonymous TLS connection established from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]: TLSv1 with cipher AES128-SHA (128/128 bits) Apr 18 15:15:53 vps postfix/smtpd[7140]: connect from Exch1.3nerds.net[69.65.19.12] Apr 18 15:15:54 vps postfix/smtpd[7140]: setting up TLS connection from Exch1.3nerds.net[69.65.19.12] Apr 18 15:15:54 vps postfix/smtpd[7178]: NOQUEUE: reject: RCPT from static-82-85-239-64.clienti.tiscali.it[82.85.239.64]: 454 4.1.1 C1AC079@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=C1AC079@160bpm.com proto=ESMTP helo=<mail.nementis.eu> Apr 18 15:15:54 vps postfix/smtpd[7140]: Anonymous TLS connection established from Exch1.3nerds.net[69.65.19.12]: TLSv1 with cipher RC4-SHA (128/128 bits) Apr 18 15:15:54 vps postfix/smtpd[7178]: disconnect from static-82-85-239-64.clienti.tiscali.it[82.85.239.64] Apr 18 15:15:54 vps postfix/smtpd[7140]: NOQUEUE: reject: RCPT from Exch1.3nerds.net[69.65.19.12]: 454 4.1.1 4701728@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=4701728@160bpm.com proto=ESMTP helo=<Exch1.3nerds.net> Apr 18 15:15:55 vps postfix/smtpd[7140]: disconnect from Exch1.3nerds.net[69.65.19.12] Apr 18 15:15:55 vps postfix/smtpd[7197]: connect from mail.helvetasnepal.org.np[202.79.37.43] Apr 18 15:15:55 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from mail.helvetasnepal.org.np[202.79.37.43]: 454 4.7.1 Service unavailable; Client host [202.79.37.43] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?202.79.37.43; from=<> to=4A2DF69565@160bpm.com proto=ESMTP helo=<PO-MAIL.helvetas.org.np> Apr 18 15:15:56 vps postfix/smtpd[7197]: disconnect from mail.helvetasnepal.org.np[202.79.37.43] Apr 18 15:15:56 vps postfix/smtpd[7178]: connect from mail.vapco.net[80.90.161.212] Apr 18 15:15:56 vps postfix/smtpd[7178]: setting up TLS connection from mail.vapco.net[80.90.161.212] Apr 18 15:15:57 vps postfix/smtpd[7197]: connect from mail.belgoflor.be[91.183.44.224] Apr 18 15:15:57 vps postfix/smtpd[7197]: setting up TLS connection from mail.belgoflor.be[91.183.44.224] Apr 18 15:15:57 vps postfix/smtpd[7197]: Anonymous TLS connection established from mail.belgoflor.be[91.183.44.224]: TLSv1 with cipher AES128-SHA (128/128 bits) Apr 18 15:15:57 vps postfix/smtpd[7197]: NOQUEUE: reject: RCPT from mail.belgoflor.be[91.183.44.224]: 454 4.1.1 E8041FC@160bpm.com: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=E8041FC@160bpm.com proto=ESMTP helo=<mail.belgoflor.be> Apr 18 15:15:57 vps postfix/smtpd[7197]: disconnect from mail.belgoflor.be[91.183.44.224]
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Here is a good start when it comes to postfix security: http://www.postfix.org/SMTPD_ACCESS_README.html
Alex: Thank you… I will read this site. Then i will solve my problem i guess… otherwise i’m back here… If solved i will commend a new post: SOLVED
had add some new restrictions, but didn’t work well… have filter a log where multple time 1 ip came back. This IP have manual blocked in csf.deny with comment # do not delete <br>Now there is less traffic, csf block the ip before it comes to Postfix. <br> <br>I’m working to let work the 2 restrictions <br># reject_unknown_helo_hostname, <br># reject_invalid_helo_hostname, <br>But when i enable this i can’t send emails out as well.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.