On 12/21/2012 11:25 AM, motty cruz wrote: > Hello, > I have the following in my configuration but does not seem to make > any difference on the connection errors I see in the logs > > smtpd_error_sleep_time=1h
The above is a good way to DoS yourself. Error sleep time should be 0s or 1s, never more than a few seconds. This has nothing to do with your log snippet below. > smtpd_soft_error_limit=10 > smtpd_hard_error_limit=20 Those are OK, but have nothing to do with your log snippet below. > > > log: > Dec 21 09:22:53 mas postfix/smtpd[23941]: connect from > unknown[186.81.31.93] > Dec 21 09:22:54 mas postfix/smtpd[23941]: NOQUEUE: reject: RCPT from > unknown[186.81.31.93]: 554 5.7.1 Client host rejected: cannot find > your hostname, [186.81.31.93]; from=<kg....@lincoln.com > <mailto:kg....@lincoln.com>> to=<jason_grif...@sscsinc.com > <mailto:jason_grif...@sscsinc.com>> proto=SMTP helo=<lincoln.com > <http://lincoln.com>> > Dec 21 09:22:54 mas postfix/smtpd[23941]: lost connection after RCPT > from unknown[186.81.31.93] > Dec 21 09:22:54 mas postfix/smtpd[23941]: disconnect from > unknown[186.81.31.93] > > it's been going for about an hour and it does not stop, any idea? It's unclear what you want to stop. The above client was rejected with the "reject_unknown_client_hostname" restriction. The rejection is correct as the client hostname does not have a matching A record. (name->address mapping failed). http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname The client is also listed on several RBLs. If your intention is to stop seeing rejections from this client in your logs, either close your eyes, or firewall the IP. Unless you're getting enough connections from this client to constitute a DoS attack, it's not bothering postfix in the least, and not accepting any mail from the offending client. If your intention is to temporarily block a persistent spammer, use fail2ban. -- Noel Jones
