Hi,
During the night, for many hours, we logged several thousand such
entries (always the same server):
Nov 7 04:04:52 vmail postfix/smtpd[3100]: connect from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:52 vmail postfix/smtpd[3197]: connect from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:53 vmail postfix/smtpd[3321]: connect from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:54 vmail postfix/smtpd[3184]: too many errors after AUTH from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:54 vmail postfix/smtpd[3184]: disconnect from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:54 vmail postfix/smtpd[3176]: too many errors after AUTH from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:54 vmail postfix/smtpd[3176]: disconnect from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:55 vmail postfix/smtpd[3184]: connect from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:55 vmail postfix/smtpd[3176]: connect from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:55 vmail postfix/smtpd[3100]: too many errors after AUTH from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:55 vmail postfix/smtpd[3100]: disconnect from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:55 vmail postfix/smtpd[3197]: too many errors after AUTH from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:55 vmail postfix/smtpd[3197]: disconnect from mail.videco.com.ar[190.220.14.235]
Since this server does not accept unauthenticated smtp connections except
only from our gateway server and requires AUTH for all others, do the above
log entries depict failed login (SASL-Auth) attempts, i.e. brute-force
attempts?
If so, can we configure Postfix to restrict the number of such
connections, or is it advised to use a policy server (e.g. like postfwd)?
Please advise.
Thanks,
Nick
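
Added example (not part of the original post): a small detector that counts "too many errors after AUTH" events per client IP in a sliding time window, run over log lines in the format quoted above. The function name, the threshold and window values, the placeholder year and the second client (client.example.org / 192.0.2.10) are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Sample input: four events from the post plus one constructed line
# (client.example.org / 192.0.2.10) that must not be flagged.
SAMPLE_LOG = """\
Nov 7 04:04:52 vmail postfix/smtpd[3100]: connect from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:54 vmail postfix/smtpd[3184]: too many errors after AUTH from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:54 vmail postfix/smtpd[3176]: too many errors after AUTH from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:55 vmail postfix/smtpd[3100]: too many errors after AUTH from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:55 vmail postfix/smtpd[3197]: too many errors after AUTH from mail.videco.com.ar[190.220.14.235]
Nov 7 04:05:10 vmail postfix/smtpd[3400]: too many errors after AUTH from client.example.org[192.0.2.10]
"""

# Matches only the smtpd "too many errors after AUTH" event and captures
# the syslog timestamp, the client hostname and the client IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+postfix/smtpd\[\d+\]:\s+"
    r"too many errors after AUTH from (?P<host>\S+)\[(?P<ip>[^\]]+)\]"
)

def find_auth_abusers(log_text, threshold=3, window_seconds=60, year=2000):
    """Return {ip: peak_count} for clients with at least `threshold`
    AUTH-error disconnects inside any window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> event timestamps still in the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; `year` is a placeholder, so a
        # log spanning New Year would need extra handling.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

if __name__ == "__main__":
    for ip, peak in find_auth_abusers(SAMPLE_LOG).items():
        print(f"{ip}: {peak} AUTH-error disconnects within 60s")
```

The input must have one log entry per line, as in the mail log file itself; lines wrapped by a mail client will not match.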