Hello,

Can someone confirm that the log excerpt below is most likely a bot of some kind attempting to authenticate to my Postfix server, please?
Seems like I could do with slowing such attempts down. Any advice on best practices would be welcome.
[..]
Feb 4 15:00:23 tooms postfix/smtpd[89297]: warning: 213.83.78.219: hostname bri209-79623-rtr-adsl-219.altohiway.com verification failed: hostname nor servname provided, or not known
Feb 4 15:00:23 tooms postfix/smtpd[89298]: warning: 213.83.78.219: hostname bri209-79623-rtr-adsl-219.altohiway.com verification failed: hostname nor servname provided, or not known
Feb 4 15:00:24 tooms postfix/smtpd[89288]: lost connection after AUTH from unknown[213.83.78.219]
Feb 4 15:00:24 tooms postfix/smtpd[89286]: lost connection after AUTH from unknown[213.83.78.219]
Feb 4 15:00:24 tooms postfix/smtpd[89289]: lost connection after AUTH from unknown[213.83.78.219]
Feb 4 15:00:24 tooms postfix/smtpd[89290]: lost connection after AUTH from unknown[213.83.78.219]
[..]

The full log file can be found here: http://nrth.org/abuse/2012-02-04-opal_solutions-talktalk-smtp-auth.txt

I've grep'd 938 instances of the next line:
Feb 4 15:00:32 tooms postfix/smtpd[89288]: lost connection after AUTH from unknown[213.83.78.219]
This was between 15:00 and 15:08 today. 'altohiway.com' is now blocked for the time being.
Thanks for your time. Regards, Pete.
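
The grep count above, turned into a per-client burst check, as an added example that is not part of the original post. The threshold, window and year are assumptions (syslog timestamps carry no year), and the 192.0.2.10 lines are constructed to show a client that does not trip the check.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the excerpt above; the 192.0.2.10
# entries are invented to contrast an occasional drop with a burst.
SAMPLE_LOG = """\
Feb 4 15:00:23 tooms postfix/smtpd[89297]: warning: 213.83.78.219: hostname bri209-79623-rtr-adsl-219.altohiway.com verification failed: hostname nor servname provided, or not known
Feb 4 15:00:24 tooms postfix/smtpd[89288]: lost connection after AUTH from unknown[213.83.78.219]
Feb 4 15:00:24 tooms postfix/smtpd[89286]: lost connection after AUTH from unknown[213.83.78.219]
Feb 4 15:00:24 tooms postfix/smtpd[89289]: lost connection after AUTH from unknown[213.83.78.219]
Feb 4 15:00:24 tooms postfix/smtpd[89290]: lost connection after AUTH from unknown[213.83.78.219]
Feb 4 15:00:32 tooms postfix/smtpd[89288]: lost connection after AUTH from unknown[213.83.78.219]
Feb 4 15:02:10 tooms postfix/smtpd[89301]: lost connection after AUTH from mail.example.org[192.0.2.10]
Feb 4 15:07:45 tooms postfix/smtpd[89305]: lost connection after AUTH from mail.example.org[192.0.2.10]
"""

AUTH_DROP = re.compile(
    r"^(\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+postfix/smtpd\[\d+\]:\s+"
    r"lost connection after AUTH from [^\[\s]+\[([^\]]+)\]"
)

def auth_drop_bursts(lines, threshold=5, window=timedelta(minutes=1), year=2012):
    """Return {ip: peak AUTH drops inside any sliding window} for clients at or over threshold."""
    events = defaultdict(list)
    for line in lines:
        m = AUTH_DROP.match(line)
        if m:
            # The year is supplied by the caller because syslog omits it.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(2)].append(ts)
    flagged = {}
    for ip, stamps in events.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # slide the left edge until the span fits the window
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, peak in auth_drop_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {peak} AUTH drops within one minute")
```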