wlanboy
Content Contributer
Back in december my mail server was hit by a huge amount of open relay scans.
About 100 per week and now they seem to come back:
Apr 1 10:38:54 wlan postfix/smtpd[13299]: connect from unknown[....]
Apr 1 10:38:54 wlan postfix/smtpd[13299]: NOQUEUE: reject: RCPT from unknown[....]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[....]>
Apr 1 10:38:55 wlan postfix/smtpd[13299]: disconnect from unknown[....]
They use different targets:
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
Quite anoying to get all the fail2ban mails, because every single attempt is using another ip address.
Does anyone else notice this?
About 100 per week and now they seem to come back:
Apr 1 10:38:54 wlan postfix/smtpd[13299]: connect from unknown[....]
Apr 1 10:38:54 wlan postfix/smtpd[13299]: NOQUEUE: reject: RCPT from unknown[....]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[....]>
Apr 1 10:38:55 wlan postfix/smtpd[13299]: disconnect from unknown[....]
They use different targets:
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
RCPT TO: <[email protected]>
Quite anoying to get all the fail2ban mails, because every single attempt is using another ip address.
Does anyone else notice this?