Hi, I'm getting the following connections from suspicious IPs.

$ sudo more /var/log/mail.info
<DATE> <MACHINE> postfix/smtpd[PID]: connect from unknown[IP]
<DATE> <MACHINE> postfix/smtpd[PID]: lost connection after UNKNOWN from unknown[IP]
<DATE> <MACHINE> postfix/smtpd[PID]: disconnect from unknown[IP]

What's going on here? Should I follow this [1] advice:

smtp_client_restrictions = reject_unknown_reverse_client_hostname

Is it enough? Should I configure "fail2ban" to reject these?

I also have these entries in the same log file:

<DATE> <MACHINE> postfix/pickup[PID]: ... from=<root> ...
<DATE> <MACHINE> postfix/cleanup[PID]: ... from=<root@<mydomain>> ...
<DATE> <MACHINE> postfix/qmgr[PID]: ... from=<root@<mydomain>> ...
<DATE> <MACHINE> postfix/local[PID]: ... to=<root@<mydomain>> ...

Why does it use root? AFAICT, there should be a different value. Is this a placeholder/default value?

[1] http://tech.groups.yahoo.com/group/postfix-users/message/279104
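
An added example, not part of the original post: a short Python tally of the smtpd events quoted above. For each client address it counts how often a session was dropped at a given stage (such as UNKNOWN), which is the kind of per-address count a ban threshold would act on. The sample log lines, host names and documentation-range IP addresses are constructed, and the threshold of 2 is an arbitrary assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the shape quoted in the post (documentation IP ranges).
SAMPLE_LOG = """\
Jan 12 03:14:07 mail postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Jan 12 03:14:07 mail postfix/smtpd[2101]: lost connection after UNKNOWN from unknown[203.0.113.5]
Jan 12 03:14:07 mail postfix/smtpd[2101]: disconnect from unknown[203.0.113.5]
Jan 12 03:15:40 mail postfix/smtpd[2107]: connect from mx.example.org[198.51.100.20]
Jan 12 03:15:41 mail postfix/smtpd[2107]: disconnect from mx.example.org[198.51.100.20]
Jan 12 03:16:02 mail postfix/smtpd[2110]: connect from unknown[203.0.113.5]
Jan 12 03:16:02 mail postfix/smtpd[2110]: lost connection after UNKNOWN from unknown[203.0.113.5]
Jan 12 03:16:02 mail postfix/smtpd[2110]: disconnect from unknown[203.0.113.5]
Jan 12 03:17:30 mail postfix/smtpd[2113]: connect from unknown[203.0.113.77]
Jan 12 03:17:31 mail postfix/smtpd[2113]: lost connection after CONNECT from unknown[203.0.113.77]
Jan 12 03:20:00 mail postfix/pickup[1999]: 4A1B2C: uid=0 from=<root>
"""

# Matches only smtpd connection events; pickup/cleanup/qmgr/local lines are skipped.
LINE = re.compile(
    r"postfix/smtpd\[\d+\]: "
    r"(?P<event>connect|disconnect|lost connection after (?P<stage>\S+))"
    r" from (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def summarize(log_text):
    """Return (connects per IP, drops per (IP, stage)) as Counters."""
    connects, drops = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["event"] == "connect":
            connects[m["ip"]] += 1
        elif m["stage"]:  # set only for "lost connection after <stage>"
            drops[(m["ip"], m["stage"])] += 1
    return connects, drops

def repeat_offenders(log_text, stage="UNKNOWN", threshold=2):
    """IPs whose sessions were dropped at `stage` at least `threshold` times."""
    _, drops = summarize(log_text)
    return sorted(ip for (ip, st), n in drops.items()
                  if st == stage and n >= threshold)

if __name__ == "__main__":
    print(repeat_offenders(SAMPLE_LOG))
```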