* thorso...@lavabit.com <thorso...@lavabit.com>:
> Hi,
> 
> I'm getting the following connections from suspicious IPs.
> 
> $ sudo more /var/log/mail.info
> 
> <DATE> <MACHINE> postfix/smtpd[PID]: connect from unknown[IP]
> <DATE> <MACHINE> postfix/smtpd[PID]: lost connection after UNKNOWN from
> unknown[IP]
> <DATE> <MACHINE> postfix/smtpd[PID]: disconnect from unknown[IP]
> 
> What's going on here?


Postfix wasn't able to determine the DNS hostname for the IP that connected.
This is not an indicator that someone wants to harm or abuse your system. It
simply says: I could not find a DNS hostname, and since I am instructed to log
a hostname, I will use 'unknown' as a placeholder.


> Should I follow this [1] advice:
> 
> smtp_client_restrictions = reject_unknown_reverse_client_hostname

I don't think so, but it is your personal policy to decide on that. If you
use that restriction, you will reject many clients on the internet - bad ones,
but also many good ones.

> Is it enough? Should I configure "fail2ban" to reject these?

No.

> I also have these entries in the same log file:
> 
> <DATE> <MACHINE> postfix/pickup[PID]: ... from=<root> ...
> <DATE> <MACHINE> postfix/cleanup[PID]: ... from=<root@<mydomain>> ...
> <DATE> <MACHINE> postfix/qmgr[PID]: ... from=<root@<mydomain>> ...
> <DATE> <MACHINE> postfix/local[PID]: ... to=<root@<mydomain>> ...
> 
> Why does it use root? AFAICT, there should be a different value. Is
> this a placeholder/default value?

Cron jobs are usually run and sent from root. The "pickup" line tells you the
message was sent using the sendmail command. Then "cleanup" fixes the mail
address because <localpart> (root) is not a network-wide routable address.
cleanup appends a domain part, which is configured using $myorigin - it
defaults to $myhostname.

Again: No sign of abuse.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
 
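As an added example (not part of the thread, nor Postfix's own code), here is a small triage script that reads smtpd lines in the shape quoted above and summarises, per client IP, how often it connected, whether Postfix logged it as "unknown" (i.e. the reverse DNS lookup failed, which by itself is not abuse), and at which SMTP stage connections were lost. The log lines, hostnames and IPs below are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape quoted above (dates, host and PIDs are placeholders).
SAMPLE_LOG = """\
Mar  3 10:01:02 mx postfix/smtpd[2211]: connect from unknown[198.51.100.7]
Mar  3 10:01:03 mx postfix/smtpd[2211]: lost connection after UNKNOWN from unknown[198.51.100.7]
Mar  3 10:01:03 mx postfix/smtpd[2211]: disconnect from unknown[198.51.100.7]
Mar  3 10:05:10 mx postfix/smtpd[2212]: connect from mail.example.org[203.0.113.5]
Mar  3 10:05:11 mx postfix/smtpd[2212]: disconnect from mail.example.org[203.0.113.5]
Mar  3 10:09:00 mx postfix/pickup[2100]: 1A2B3C4D5E: uid=0 from=<root>
Mar  3 10:09:00 mx postfix/cleanup[2101]: 1A2B3C4D5E: message-id=<x@mx.example.net>
"""

# smtpd events of interest: "connect from", "lost connection after <STAGE> from"
# and "disconnect from". Postfix always logs the client as hostname[ip].
SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: "
    r"(?P<event>connect|lost connection after (?P<stage>\S+)|disconnect) from "
    r"(?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]"
)

def summarize_smtpd(log_text):
    """Return {ip: {"host": ..., "connects": n, "lost_after": {stage: n}}}."""
    clients = {}
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if not m:
            continue  # pickup/cleanup/qmgr/local lines are local submissions, not remote clients
        entry = clients.setdefault(
            m["ip"], {"host": m["host"], "connects": 0, "lost_after": defaultdict(int)})
        if m["event"] == "connect":
            entry["connects"] += 1
        elif m["stage"]:
            entry["lost_after"][m["stage"]] += 1
    return clients

def no_reverse_dns(clients):
    """IPs Postfix logged as 'unknown': the PTR lookup failed, nothing more."""
    return sorted(ip for ip, e in clients.items() if e["host"] == "unknown")

if __name__ == "__main__":
    summary = summarize_smtpd(SAMPLE_LOG)
    for ip, e in summary.items():
        print(ip, e["host"], e["connects"], dict(e["lost_after"]))
    print("no reverse DNS:", no_reverse_dns(summary))
```

Run it against your own mail.info to see which "unknown" clients merely lack a PTR record versus which ones repeatedly drop the connection before issuing any command.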